Cisco Support Community
New Member

Local subnet and VPN issue

We are starting to experience more and more issues with remote sites (mostly hotels) that are using a similar local subnet scheme as we are on a local network.

For example, we are a 10.1.x.x 255.255.255.0 network, with various VLANs set up using the third octet. Several hotels are using the 10.1.x.x 255.255.0.0 scheme.

When our remote people connect to the 3005 using any client (Microsoft PPTP or the Cisco client) they are having trouble connecting to any traffic that is on the remote 10.1.x.x 255.255.255.0 network.

My suspicion is that the route it is using is the route with the shorter mask applied, which is the Class B assigned from the hotel, therefore it is looking on its local network for addresses that are actually remote. I hope I have explained this so it's understandable.

Anyone have this issue, or know of a dynamic workaround?

  • Other Security Subjects
4 REPLIES
New Member

Re: Local subnet and VPN issue

We had that problem with our remote users and when we had the opportunity (rolled out Cisco VoIP) we readdressed our networks to a 172.2x.x.x. We knew this was a large undertaking but was necessary. Through our experience we never saw a hotel or home network with a Class B private network. Always 192.168.x.x or 10.x.x.x. That alone solved a lot of issues for us.

New Member

Re: Local subnet and VPN issue

Upgrading to the latest version of the Cisco client fixed the problem. Version 4.7.

The only other problem I could cause was if you had the exact same address as what you were being given at the remote end, but that's understandable.

New Member

Re: Local subnet and VPN issue

You mentioned that upgrading your clients to 4.7 fixed the problem...was there a feature in 4.7 that you had to enable or did you change how you summarized the encryption domain on the concentrator? Anything that you could share with me would be much appreciated.

New Member

Re: Local subnet and VPN issue

Rather than readdressing, you can use NAT to accomplish what you want. Take a look at the portion on "overlapping networks" here.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb71e.html#wp1050892

The example is a bit different, but the same could be accomplished in one direction using NAT to translate the internal subnet to something else when VPN users connect. The trick would be to also have a separate DNS server for your VPN users so they could still get to resources by the same names they typically use.
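The overlap described in this thread and the NAT-plus-separate-DNS workaround from the last reply, as an added example that is not part of any post and not Cisco configuration. The VLAN numbers, the translation pool `172.31.0.0/16`, and the host name are constructed assumptions.

```python
import ipaddress

def conflicts(client_lan, corp_nets):
    """Corporate networks whose addresses also exist on the client's local LAN."""
    lan = ipaddress.ip_network(client_lan)
    return [n for n in map(ipaddress.ip_network, corp_nets) if n.overlaps(lan)]

def plan_nat(client_lan, corp_nets, pool):
    """Give each conflicting corporate network a same-size, non-overlapping block."""
    lan = ipaddress.ip_network(client_lan)
    corp = [ipaddress.ip_network(n) for n in corp_nets]
    used, plan = [], {}
    for real in conflicts(client_lan, corp_nets):
        for cand in ipaddress.ip_network(pool).subnets(new_prefix=real.prefixlen):
            if not any(cand.overlaps(x) for x in (lan, *corp, *used)):
                plan[real] = cand
                used.append(cand)
                break
        else:
            raise ValueError(f"translation pool exhausted for {real}")
    return plan

def translate(addr, plan):
    """1:1 static NAT: keep the host offset, swap the network prefix."""
    ip = ipaddress.ip_address(addr)
    for real, mapped in plan.items():
        if ip in real:
            return str(mapped.network_address + (int(ip) - int(real.network_address)))
    return str(ip)  # not in a conflicting network, so left untranslated

def vpn_dns_view(records, plan):
    """Answers the separate DNS server for VPN users would return."""
    return {name: translate(addr, plan) for name, addr in records.items()}

# Constructed sample data (assumptions, not values from the thread)
HOTEL_LAN = "10.1.0.0/16"                       # hotel hands out a /16
CORP_VLANS = ["10.1.10.0/24", "10.1.20.0/24"]   # corporate VLANs by third octet
NAT_POOL = "172.31.0.0/16"                      # hypothetical translation pool
INTERNAL_DNS = {"fileserver": "10.1.20.15"}     # hypothetical internal record

if __name__ == "__main__":
    plan = plan_nat(HOTEL_LAN, CORP_VLANS, NAT_POOL)
    for real, mapped in plan.items():
        print(f"{real} is presented to VPN users as {mapped}")
    print(vpn_dns_view(INTERNAL_DNS, plan))
```
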
