Hello all,

I currently have a VPN set up that works great if the connection is not
from the same network. Example if the client 's computer has an address
of 192.168.0.xxx, it connects via vpn everything is great.  If the
client has an address 192.168.1.xxx it connects, but cannot see
anything on the other network even though the connection is connected.
The server side of the VPN is on a 192.168.1.xxx network.  I cannot
change the network on the server side nor can I control the clients lan
connections.  Any help would be greatly appreciated,I have to go
through hoops to configure clients routers to do DHCP for diffrent
addresses and can be a pain for the non computer savy.

Regards,

[ Post a follow-up to this message ]

lou wrote:
> Hello all,
>
> I currently have a VPN set up that works great if the connection is not
> from the same network. Example if the client 's computer has an address
> of 192.168.0.xxx, it connects via vpn everything is great.  If the
> client has an address 192.168.1.xxx it connects, but cannot see
> anything on the other network even though the connection is connected.
> The server side of the VPN is on a 192.168.1.xxx network.  I cannot
> change the network on the server side nor can I control the clients lan
> connections.  Any help would be greatly appreciated,I have to go
> through hoops to configure clients routers to do DHCP for diffrent
> addresses and can be a pain for the non computer savy.
>
> Regards,
>


Change the server side network.  I know you said you can't but this is
the solution to your problem.  If you don't like it, then keep
instructing your users how to change their routers default settings.

These days it's a bad idea to use 192.168.1.x or 192.168.0.x for
corporate networks for exactly this reason.  I would advocate you
actually change to the 10.x.x.x private address space.  Even in 10.x you
should avoid 10.0.0.x and 10.10.0.x since Windows servers will prompt
users with these addresses when setting up a new DHCP server by default.

NAT hacks for using VPN between networks with address collisions are
very ugly and usually require more difficult changes on the users end
than a simple subnet change.  It can also break many applications that
are not NAT friendly.  (Deliver IP's in packet data section)

--
WARNING!  Email address has been altered for spam resistance.
Please remove the -deletethispart-. section before replying directly.
Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)

[ Post a follow-up to this message ]

"lou" <louie728@bellsouth.net> writes:
> I currently have a VPN set up that works great if the connection is not
> from the same network. Example if the client 's computer has an address
> of 192.168.0.xxx, it connects via vpn everything is great.  If the
> client has an address 192.168.1.xxx it connects, but cannot see
> anything on the other network even though the connection is connected.
> The server side of the VPN is on a 192.168.1.xxx network.  I cannot
> change the network on the server side nor can I control the clients lan
> connections.  Any help would be greatly appreciated,I have to go
> through hoops to configure clients routers to do DHCP for diffrent
> addresses and can be a pain for the non computer savy.

If the client is setting up a subnet<->subnet VPN then you are either
going to have to re-number one or both sides or use NAT to remap your
subnet to another range for each client who clashes.

Is each client is a "road warrior" that just wants to connect up a
single computer to your network then you can make this work your IPsec
server supports allocating a virtual IP for each user that connects in
and your clients IPsec system supports binding to that virtual IP.

[ Post a follow-up to this message ]