VPN Client, overlapping address space

Unanswered Question
Nov 26th, 2009
User Badges:

I've got some systems on my internal network sitting in 192.168.1.*, which is also a very popular subnet for homes and hotels.  When users are on 192.168.1.* remotely they can establish a tunnel but have trouble accessing servers on my internal 192.168.1.* network because the VPN client thinks those machines are local to the remote client and doesn't direct the traffic into the tunnel.

Is there some NAT trick that will solve this problem?  I'm moving my internal systems out of 192.168.1.* as they come up for replacement, but that could take a long time.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mopaul Thu, 11/26/2009 - 13:18
User Badges:
  • Bronze, 100 points or more

Hi Patrick,

Try the command on your PIX/ASA

crypto isakmp nat-traversal 20.

And make sure you have NAT 0 statement on ASA to bypass NAT for VPN traffic to client.




This Discussion