VPN IP range conflict.


I am using the Cisco VPN client to connect to one of our remote offices. Unfortunately, the IP pool range defined in the remote office is the same as my local LAN; I mean my LAN is 192.168.1.x and the VPN client IP is also 192.168.1.x. After connecting, I can reach the remote office servers but I can't reach my LAN servers or any PC. For some reasons the remote office can't change its IP pool, and neither can our LAN. Is there any way I can connect to the remote office servers and the LAN servers after connecting the VPN client, without any changes to the IP ranges?

zulqurnain Mon, 05/07/2007 - 22:30


One, as far as I know, it is not recommended that your LAN IP pool and VPN client IP pool be the same. Change it to anything but the same, e.g. 192.168.3.x.

Second, to work out your problem, you can have a different VPN IP pool and add a route in the PIX to define that it is local (trusted) and how to reach your remote office servers; this way you will also be able to connect to your LAN and PC.

HTH, please rate it.

zulqurnain Tue, 05/08/2007 - 00:02


All you need to do is have a different IP pool for VPN clients and define a route in the FW for how to reach your remote office and local LAN from this IP pool for VPN.

HTH, please rate it.

Actually, you can enable Reverse Route Injection within the Crypto Map and you won't have to worry about adding routes.

Reverse route injection (RRI) is the ability for static routes to be automatically inserted into the routing process for those networks and hosts protected by a remote tunnel endpoint. These protected hosts and networks are known as remote proxy identities. Each route is created on the basis of the remote proxy network and mask, with the next hop to this network being the remote tunnel endpoint. By using the remote Virtual Private Network (VPN) device as the next hop, the traffic is forced through the crypto process to be encrypted.
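The overlap discussed in this thread, and the routes RRI would create, can be checked before changing a pool. The following is an added example, not code from any poster or from Cisco: a simplified longest-prefix-match model in Python, where the function names and the tunnel endpoint address 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress

def overlaps(lan_cidrs, pool_cidr):
    """Return the LAN subnets that overlap the VPN client address pool."""
    pool = ipaddress.ip_network(pool_cidr)
    return [c for c in lan_cidrs if ipaddress.ip_network(c).overlaps(pool)]

def rri_routes(proxy_cidrs, tunnel_endpoint):
    """Model RRI as described above: one static route per remote proxy
    network, with the remote tunnel endpoint as next hop."""
    hop = ipaddress.ip_address(tunnel_endpoint)
    return [(ipaddress.ip_network(c), hop) for c in proxy_cidrs]

def next_hop(dest, connected_cidrs, routes):
    """Longest-prefix match over connected subnets and tunnel routes.
    Returns 'connected', the tunnel next hop, 'ambiguous', or None."""
    d = ipaddress.ip_address(dest)
    cands = []
    for c in connected_cidrs:
        net = ipaddress.ip_network(c)
        if d in net:
            cands.append((net.prefixlen, "connected"))
    for net, hop in routes:
        if d in net:
            cands.append((net.prefixlen, str(hop)))
    if not cands:
        return None
    best = max(plen for plen, _ in cands)
    winners = {via for plen, via in cands if plen == best}
    # Equal-length prefixes pointing both ways are flagged in this model,
    # because the same address exists on both sides of the tunnel.
    return winners.pop() if len(winners) == 1 else "ambiguous"

# Constructed sample values: LAN from the question, pool from the first reply.
LAN = ["192.168.1.0/24"]
ENDPOINT = "203.0.113.10"   # assumed tunnel endpoint (documentation range)

if __name__ == "__main__":
    for pool in ("192.168.1.0/24", "192.168.3.0/24"):
        routes = rri_routes([pool], ENDPOINT)
        print(pool, "overlaps:", overlaps(LAN, pool),
              "| 192.168.1.20 via", next_hop("192.168.1.20", LAN, routes))
```
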


