Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Overlapping IPs - Client VPN

Is there any way using a VPN concentrator 3000 and a client VPN to allow a client on a network behind a NAT device to connect a VPN to their home office, when the local office and the home office use overlapping IP address ranges?

Thanks

Dave

6 REPLIES
New Member

Re: Overlapping IPs - Client VPN

Does the VPN 3000 supports multiple ip-local-pool ?

In the affirmative I'd suggest to create a vpn-group to support this branch office.

Mike

New Member

Re: Overlapping IPs - Client VPN

I am actually looking to support the situation where a roving user gains access from unknown places (eg different hotels) and some of these places may have IP addressing schemes that overlap with the corporate LAN. The key point is that there is no control over the hotel LAN, and there is also no prior knowledge of this LAN

New Member

Re: Overlapping IPs - Client VPN

You might want to nat your ip-local-pool before it arrives on your internal network?

New Member

Re: Overlapping IPs - Client VPN

Thanks for that, but I am not sure how it helps. The problem is that if the internal (corporate) network uses the same range as the hotel network, the PC won't know how to route packets. If the user pings a server on the internal network, how would the PC know whether to send the traffic along the VPN or to a local (hotel) network host?

Dave

New Member

Re: Overlapping IPs - Client VPN

Hello Dave,

I might be misleading you in my preceeding email. All my apologizes for this. You've been able to make this work, right?

From your internal net, you'll get a reply when pinging a remote host with his virtual ip. You'll probabely wont get reply from his physical ip.

Try a ipconfig /all at a dos prompt on the remote client. You should see the physical ip (from the hotel) and also a virtual ip from your 3000 local-pool.

Hope it's more clear now;)

Mike

New Member

Re: Overlapping IPs - Client VPN

Thanks again, but it doesn't quite answer the problem. I know how the VPN client works normally, and how the virtual adaptor appears on the PC. The problem comes when the corporate LAN uses say 192.168.1.0/24 and so does the hotel. Let's say that the corporate LAN has its DC on 192.168.1.1 and unfortunately the hotel has this as its default gateway. If the user on the PC opens a DOS prompt and tries to ping 192.168.1.1 where will the packet go? To the server or to the hotel firewall?

206
Views
0
Helpful
6
Replies
CreatePlease to create content