Overlapping IP address between ezvpn uplink and corp internal network

Unanswered Question
Jun 9th, 2009

Hi, all,

We have a lot of employees working from home. For those people, we send them the small 851Ws configured as an ezvpn client working in NEM mode; those C851Ws will get a private DHCP address from the employee's home router (Linksys, Dlink, Airport, what have you). Since most home routers' default internal IP address is 192.168.0.0 and our corp internal IP address is 10.0.0.0, the solution worked perfectly.

Now there is one employee whose home router's default internal IP address is also 10.0.0.0. The IPsec tunnel came up fine, but computers behind the C851W are painfully slow to access corp servers. I believe the root cause is that when traffic destined to corp 10.0.0.0 addresses reaches the C851W, the traffic is not directly sent to the IPsec tunnel; instead, the C851W tries to route it locally.

Is there any way we can force traffic with destination 10.0.0.0 to go to the IPsec tunnel automatically?

Thanks,

Ivan Martinon Wed, 06/10/2009 - 07:23

I believe you would need to look at the mask. Is the corp a /8 network? If so, then you will always have painful issues; however, if the mask is specific, then both networks should be completely different.

jiangu Wed, 06/10/2009 - 07:29

Yes, split-tunnel is pushing /8 to ezvpn clients; it is easier to manage with a /8 mask as new networks are constantly being added to the corp network.

Ivan Martinon Wed, 06/10/2009 - 07:33

Well, for instance, remember that connected networks always have an Administrative Distance of 0, so anything directly connected will be preferred all the time. As I can see it, the only way to fix this would be to change the subnet on the local router. Now, this problem should also only be seen for networks or servers that overlap with the local network on the remote router: if the router also has a /8 then this of course will fail, but if it is a /24 or more specific it should not be a major issue for local hosts on the remote site, but it will be for hosts on the corp site if they all have a /8 net.
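The route selection Ivan is describing, modelled as an added worked example (this is not code from the original thread or from Cisco): the EzVPN client ends up with a directly connected 10.0.0.0/24 (the employee's home LAN) and a split-tunnel 10.0.0.0/8 pointing at the IPsec tunnel. IOS picks the longest matching prefix first, and only then the lowest administrative distance, so any corp server that happens to fall inside 10.0.0.0/24 is sent onto the home LAN instead of the tunnel, while the rest of 10/8 still works. The prefixes, hosts and the AD value used for the split-tunnel route are constructed assumptions chosen to mirror the post; `shadowed()` is the pre-deployment check you would run against a home router's LAN range before shipping a client.

```python
"""Longest-prefix-match model of the EzVPN client router in the thread above.

Constructed example, not from the original page: the routes, hosts and the
AD assigned to split-tunnel routes are assumptions chosen to mirror the post
(corp 10.0.0.0/8 pushed through the tunnel, home LAN 10.0.0.0/24 connected).
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional

Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class Route:
    prefix: Net
    next_hop: str        # "connected" (home LAN) or "tunnel" (EzVPN IPsec SA)
    admin_distance: int  # IOS: directly connected routes have AD 0


def connected(cidr: str) -> Route:
    return Route(Net(cidr), "connected", 0)


def split_tunnel(cidr: str) -> Route:
    # Route installed from the split-tunnel list pushed by the EzVPN server.
    # The exact AD IOS assigns is not the point here; it only has to be > 0.
    return Route(Net(cidr), "tunnel", 1)


def lookup(table: Iterable[Route], dst: str) -> Optional[Route]:
    """Longest prefix wins; on an equal-length tie the lowest AD wins."""
    addr = ipaddress.IPv4Address(dst)
    matches = [r for r in table if addr in r.prefix]
    if not matches:
        return None
    return max(matches, key=lambda r: (r.prefix.prefixlen, -r.admin_distance))


def shadowed(corp_nets: Iterable[str], lan: str) -> list[Net]:
    """Part of the corp address space that a connected LAN of this size would capture."""
    lan_net = Net(lan)
    hidden: list[Net] = []
    for cidr in corp_nets:
        corp = Net(cidr)
        if lan_net.subnet_of(corp):      # LAN is a slice of a corp prefix: that slice is lost
            hidden.append(lan_net)
        elif corp.subnet_of(lan_net):    # whole corp prefix sits inside the LAN
            hidden.append(corp)
    return hidden


# Constructed scenario from the thread: /8 pushed by split tunnel, home LAN also in 10/8.
CORP_SPLIT = ["10.0.0.0/8"]
BAD_LAN = "10.0.0.0/24"      # the one employee's router
GOOD_LAN = "192.168.1.0/24"  # what the other home routers hand out


def table_for(lan: str, corp_nets: Iterable[str] = CORP_SPLIT) -> list[Route]:
    return [connected(lan)] + [split_tunnel(c) for c in corp_nets]


def egress(lan: str, dst: str, corp_nets: Iterable[str] = CORP_SPLIT) -> str:
    """Interface a packet for dst leaves on, given the home LAN the client sits in."""
    route = lookup(table_for(lan, corp_nets), dst)
    return route.next_hop if route else "no-route"


if __name__ == "__main__":
    for lan in (BAD_LAN, GOOD_LAN):
        print(f"home LAN {lan}: shadowed corp space = {[str(n) for n in shadowed(CORP_SPLIT, lan)]}")
        for dst in ("10.0.0.200", "10.20.1.7"):   # assumed corp servers
            print(f"  {dst} -> {egress(lan, dst)}")
```

With the /24 home LAN, 10.0.0.200 (a corp server, by assumption) is routed onto the LAN and 10.20.1.7 still goes through the tunnel, which matches the "only the overlapping servers are affected" behaviour in the reply; renumbering the LAN, or pushing only the specific corp prefixes that do not overlap it, empties the shadowed list.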
