cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
405
Views
0
Helpful
6
Replies

Overlapping IPs - Client VPN

dbeattie
Level 1
Level 1

Is there any way using a VPN concentrator 3000 and a client VPN to allow a client on a network behind a NAT device to connect a VPN to their home office, when the local office and the home office use overlapping IP address ranges?

Thanks

Dave

6 Replies 6

mpalardy
Level 3
Level 3

Does the VPN 3000 supports multiple ip-local-pool ?

In the affirmative I'd suggest to create a vpn-group to support this branch office.

Mike

I am actually looking to support the situation where a roving user gains access from unknown places (eg different hotels) and some of these places may have IP addressing schemes that overlap with the corporate LAN. The key point is that there is no control over the hotel LAN, and there is also no prior knowledge of this LAN

You might want to nat your ip-local-pool before it arrives on your internal network?

Thanks for that, but I am not sure how it helps. The problem is that if the internal (corporate) network uses the same range as the hotel network, the PC won't know how to route packets. If the user pings a server on the internal network, how would the PC know whether to send the traffic along the VPN or to a local (hotel) network host?

Dave

Hello Dave,

I might be misleading you in my preceeding email. All my apologizes for this. You've been able to make this work, right?

From your internal net, you'll get a reply when pinging a remote host with his virtual ip. You'll probabely wont get reply from his physical ip.

Try a ipconfig /all at a dos prompt on the remote client. You should see the physical ip (from the hotel) and also a virtual ip from your 3000 local-pool.

Hope it's more clear now;)

Mike

Thanks again, but it doesn't quite answer the problem. I know how the VPN client works normally, and how the virtual adaptor appears on the PC. The problem comes when the corporate LAN uses say 192.168.1.0/24 and so does the hotel. Let's say that the corporate LAN has its DC on 192.168.1.1 and unfortunately the hotel has this as its default gateway. If the user on the PC opens a DOS prompt and tries to ping 192.168.1.1 where will the packet go? To the server or to the hotel firewall?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: