cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
868
Views
4
Helpful
4
Replies

VPN IP range conflict.

imran_mcse
Level 1
Level 1

I am using Cisco VPN client to connect our one remote office.Unfortunately the IP pool range defined in remote office is same like my local LAN I mean my LAN is 192.168.1.x and VPN client IP also 192.168.1.x. After connection I can connect remote office servers but I can't connect my LAN servers or any PC. Due to some reasons remote office can't change IP pools and our LAN too. Is there any way I can connect to remote office servers and LAN servers after connecting VPN client without any changes in IP ranges?

4 Replies 4

zulqurnain
Level 3
Level 3

hello,

One, As i know it is not recommended that your LAN ip pool and VPN Client ip pool should not be same. change it to anything but not the same e.g. 192.168.3.x

Second, to work out your problem you can have different VPN IP Pool and add route to define in pix that it's local(trusted) and how? to reach your remote office servers, this way you will also be able to connect to your LAN and PC.

HTH, please rate it.

zulqurnain dear sorry I didn't understand clearly your second advice. Can you please explain it in detail.

hello,

all you need to do is have different IP Pool for VPN clients and define a route in FW how to reach your remote office and local LAN from this IP Pool for VPN.

HTH, please rate it.

Actually, you can enable Reverse Route Injection within the Crypto Map and you wont have to worry about adding routes.

Reverse route injection (RRI) is the ability for static routes to be automatically inserted into the routing process for those networks and hosts protected by a remote tunnel endpoint. These protected hosts and networks are known as remote proxy identities. Each route is created on the basis of the remote proxy network and mask, with the next hop to this network being the remote tunnel endpoint. By using the remote Virtual Private Network (VPN) device as the next hop, the traffic is forced through the crypto process to be encrypted.

Cheers!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: