Hello all,

I currently have a VPN set up that works great if the connection is not from the same network. For example, if the client's computer has an address of 192.168.0.xxx, it connects via VPN and everything is great. If the client has an address of 192.168.1.xxx it connects, but cannot see anything on the other network even though the connection is connected. The server side of the VPN is on a 192.168.1.xxx network. I cannot change the network on the server side, nor can I control the clients' LAN connections. Any help would be greatly appreciated. I have to go through hoops to configure clients' routers to do DHCP for different addresses, and it can be a pain for the non-computer-savvy.


Change the server side network. I know you said you can't, but this is the solution to your problem. If you don't like it, then keep instructing your users how to change their routers' default settings.

These days it's a bad idea to use 192.168.1.x or 192.168.0.x for corporate networks for exactly this reason. I would advocate you actually change to the 10.x.x.x private address space. Even in 10.x you should avoid 10.0.0.x and 10.10.0.x since Windows servers will prompt users with these addresses when setting up a new DHCP server by default.

NAT hacks for using VPN between networks with address collisions are very ugly and usually require more difficult changes on the user's end than a simple subnet change. It can also break many applications that are not NAT friendly. (Deliver IPs in packet data section)

If the client is setting up a subnet-to-subnet VPN then you are either going to have to re-number one or both sides or use NAT to remap your subnet to another range for each client who clashes.

If each client is a "road warrior" that just wants to connect up a single computer to your network then you can make this work if your IPsec server supports allocating a virtual IP for each user that connects in and your clients' IPsec system supports binding to that virtual IP.
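The collision discussed in this thread can be checked before a user ever calls for help. The following is an added example, not part of the original thread: it flags client LANs that overlap the server-side network (including overlaps hidden by a different prefix length) and proposes a replacement subnet that skips the ranges the answer above says to avoid. The function names and sample addresses are assumptions made for illustration.

```python
import ipaddress

# Ranges the thread advises against: common home-router defaults and the
# 10.x ranges named above as Windows DHCP setup defaults.
AVOID = [ipaddress.ip_network(n) for n in
         ("192.168.0.0/24", "192.168.1.0/24", "10.0.0.0/24", "10.10.0.0/24")]


def collides(client_lan, server_lan):
    """True when the two networks overlap. In that case the client treats
    the server-side addresses as on-link and never sends them down the tunnel."""
    a = ipaddress.ip_network(client_lan, strict=False)
    b = ipaddress.ip_network(server_lan, strict=False)
    return a.overlaps(b)


def audit_clients(server_lan, client_lans):
    """Return the client LANs that cannot reach server_lan through the VPN."""
    return [c for c in client_lans if collides(c, server_lan)]


def pick_server_subnet(known_client_lans, pool="10.0.0.0/8", prefix=24):
    """First /prefix in pool that overlaps neither AVOID nor a known client LAN."""
    taken = AVOID + [ipaddress.ip_network(c, strict=False)
                     for c in known_client_lans]
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
        if not any(candidate.overlaps(t) for t in taken):
            return candidate
    return None


if __name__ == "__main__":
    # Constructed sample data: the server LAN from the question plus three
    # hypothetical client LANs (one with a wide /16 mask).
    server = "192.168.1.0/24"
    clients = ["192.168.0.17/24", "192.168.1.50/24", "192.168.0.0/16"]
    print("colliding clients:", audit_clients(server, clients))
    print("suggested server subnet:", pick_server_subnet(clients))
```

A string comparison of the first three octets would miss the `/16` client, which is why the check works on parsed networks rather than address text.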

