Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Remote site using same private addressing scheme

We have a VPN 3000 Concentrator and we are using the 10.0.0.0 private addressing scheme. We want to install the VPN client at a remote site across the internet that is also using the 10.0.0.0 private addressing scheme. The issue is once they connect (using NAT) to the public address of the VPN 3000, it gives them a private 10.x.x.x address but the IP route information local to the PC they have made a VPN connection with tries first to route on their existing private network because of this local route table. Traffic is never sent across the VPN connection. Is there a way to have this remote site connect to our network via the VPN 3000 eventhough we both use the same 10.0.0.0 private networking scheme?

2 REPLIES
Bronze

Re: Remote site using same private addressing scheme

I should start off by letting you know this is not a limitation of the VPN3000. This is the way IP works. You need to have non-local addresses for a foreign network to access local resources. This means the clients use their gateway to route the IP properly. The 10. address space is enormous so you should be able to subnet it to meet your needs. If that isn’t enough space use one of the other rfc1918 reserved address spaces for your hosts to translate to and routing should occur properly.

noc
New Member

Re: Remote site using same private addressing scheme

he is right. .you can say use 10.1.1.1/24 at the remote side, and 10.0.11.1/24 at hq behind the concentrator.. i would recommend doing lan to lan if

you can (from IOS remote to VPN local) the client

is a hella of lot of overhead on workstations no in

cpu, but in troubleshooting issues (constantly people

cant get on the vpn, with a lan to lan your help desk

will get far fewer calls if any.)

174
Views
0
Helpful
2
Replies
CreatePlease to create content