Cisco Support Community

New Member

VPN IP range conflict.

I am using the Cisco VPN client to connect to our one remote office. Unfortunately, the IP pool range defined in the remote office is the same as my local LAN; I mean my LAN is 192.168.1.x and the VPN client IP is also 192.168.1.x. After connecting I can reach the remote office servers, but I can't connect to my LAN servers or any PC. For some reasons the remote office can't change its IP pool, and neither can our LAN. Is there any way I can connect to the remote office servers and the LAN servers after connecting the VPN client, without any changes in IP ranges?

4 REPLIES
Bronze

Re: VPN IP range conflict.

Hello,

One, as far as I know, it is not recommended that your LAN IP pool and VPN client IP pool be the same. Change it to anything but the same range, e.g. 192.168.3.x.

Second, to work out your problem you can have a different VPN IP pool and add a route in the PIX to define that it's local (trusted) and how to reach your remote office servers; this way you will also be able to connect to your LAN and PC.

HTH, please rate it.

New Member

Re: VPN IP range conflict.

Zulqurnain, dear, sorry, I didn't clearly understand your second piece of advice. Can you please explain it in detail?

Bronze

Re: VPN IP range conflict.

Hello,

All you need to do is have a different IP pool for VPN clients and define a route in the FW for how to reach your remote office and local LAN from this VPN IP pool.

HTH, please rate it.

New Member

Re: VPN IP range conflict.

Actually, you can enable Reverse Route Injection within the crypto map and you won't have to worry about adding routes.

Reverse route injection (RRI) is the ability for static routes to be automatically inserted into the routing process for those networks and hosts protected by a remote tunnel endpoint. These protected hosts and networks are known as remote proxy identities. Each route is created on the basis of the remote proxy network and mask, with the next hop to this network being the remote tunnel endpoint. By using the remote Virtual Private Network (VPN) device as the next hop, the traffic is forced through the crypto process to be encrypted.

Cheers!
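Added example, not part of the original posts: a small Python model of the route creation described in the RRI reply above (one static route per remote proxy identity, next hop the remote tunnel endpoint), together with the pool-overlap check behind the first reply's advice. All addresses, function names and the table layout are constructed assumptions; a real device builds these routes itself.

```python
import ipaddress

def rri_routes(proxy_identities, tunnel_endpoint):
    """One static route per remote proxy identity; next hop = remote tunnel endpoint."""
    hop = ipaddress.ip_address(tunnel_endpoint)
    return [(ipaddress.ip_network(p), hop) for p in proxy_identities]

def lookup(table, dst):
    """Longest-prefix match. Returns (network, next_hop) or None if no route."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)

def pool_conflicts(pool, local_networks):
    """Return the local networks that overlap the VPN client pool."""
    pool_net = ipaddress.ip_network(pool)
    return [n for n in local_networks
            if ipaddress.ip_network(n).overlaps(pool_net)]

# --- constructed sample data (assumptions, not taken from a real device) ---
LAN = "192.168.1.0/24"   # LAN range from the question
PEER = "203.0.113.7"     # documentation address standing in for the tunnel endpoint

# Connected LAN route has no next hop (None = directly attached).
connected = [(ipaddress.ip_network(LAN), None)]

# Pool moved to 192.168.3.x as the first reply suggests: no overlap with the LAN.
table = connected + rri_routes(["192.168.3.10/32"], PEER)

# Pool left overlapping the LAN: the injected host route is more specific than
# the connected /24, so only that one address is steered into the tunnel.
table_overlap = connected + rri_routes(["192.168.1.50/32"], PEER)

if __name__ == "__main__":
    for pool in ("192.168.1.0/24", "192.168.3.0/24"):
        print(pool, "conflicts with:", pool_conflicts(pool, [LAN]) or "nothing")
    for name, t in (("separate pool", table), ("overlapping pool", table_overlap)):
        for dst in ("192.168.1.20", "192.168.1.50", "192.168.3.10"):
            r = lookup(t, dst)
            via = "no route" if r is None else (r[1] or "connected")
            print(f"{name}: {dst} -> {via}")
```
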
