I am using the Cisco VPN client to connect to our one remote office. Unfortunately, the IP pool range defined in the remote office is the same as my local LAN; I mean my LAN is 192.168.1.x and the VPN client IP is also 192.168.1.x. After connecting I can connect to the remote office servers, but I can't connect to my LAN servers or any PC. For some reasons the remote office can't change its IP pools, and neither can our LAN. Is there any way I can connect to the remote office servers and the LAN servers after connecting the VPN client, without any changes to the IP ranges?
One, as far as I know, it is not recommended for your LAN IP pool and VPN client IP pool to be the same. Change it to anything but the same, e.g. 192.168.3.x
Second, to work out your problem you can have a different VPN IP pool and add a route in the PIX to define that it's local (trusted) and how to reach your remote office servers; this way you will also be able to connect to your LAN and PC.
Actually, you can enable Reverse Route Injection within the Crypto Map and you won't have to worry about adding routes.
Reverse route injection (RRI) is the ability for static routes to be automatically inserted into the routing process for those networks and hosts protected by a remote tunnel endpoint. These protected hosts and networks are known as remote proxy identities. Each route is created on the basis of the remote proxy network and mask, with the next hop to this network being the remote tunnel endpoint. By using the remote Virtual Private Network (VPN) device as the next hop, the traffic is forced through the crypto process to be encrypted.
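
A small model of the RRI behaviour quoted above, added here as an illustration; it is not code from this thread or from Cisco. The class and method names, the peer address 198.51.100.7 and the interface name `inside` are constructed for the example, and withdrawing routes when the tunnel goes down is an assumption of the model.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str   # interface name or remote tunnel endpoint
    source: str     # "connected" or "rri"


class RoutingTable:
    def __init__(self):
        self.routes = []

    def add_connected(self, prefix, interface):
        self.routes.append(Route(ipaddress.ip_network(prefix), interface, "connected"))

    def rri_inject(self, remote_proxy, tunnel_endpoint):
        # One static route per remote proxy identity (network/mask),
        # with the remote tunnel endpoint as next hop.
        route = Route(ipaddress.ip_network(remote_proxy), tunnel_endpoint, "rri")
        if route not in self.routes:
            self.routes.append(route)
        return route

    def rri_withdraw(self, tunnel_endpoint):
        # Model assumption: injected routes go away with the tunnel.
        self.routes = [r for r in self.routes
                       if not (r.source == "rri" and r.next_hop == tunnel_endpoint)]

    def lookup(self, dst):
        # Longest-prefix match; None when no route covers the destination.
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if addr in r.prefix]
        return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


def build_headend():
    # Constructed sample: head-end LAN 192.168.1.0/24, one VPN client that
    # was assigned 192.168.3.10 from a separate pool, peer at 198.51.100.7.
    table = RoutingTable()
    table.add_connected("192.168.1.0/24", "inside")
    table.rri_inject("192.168.3.10/32", "198.51.100.7")
    return table


if __name__ == "__main__":
    t = build_headend()
    for dst in ("192.168.3.10", "192.168.1.20"):
        print(dst, "->", t.lookup(dst))
```
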