Re: RRAS VPN IP conflict
- From: Danny F <DannyF@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 31 Jul 2007 18:54:01 -0700
I tried that but it doesn't work for me if they're coming from a .1 address.
Here is the scenario:
VPN Server:
Physical IP on the interface: 192.168.1.11
Internal IP of logical interface for VPN: 192.168.99.241
VPN IP Pool: 192.168.99.241 - 254
Remote PC 1:
LAN IP: 192.168.1.100
VPN IP: 192.168.99.242
Remote PC 2:
LAN IP: 192.168.25.100
VPN IP: 192.168.99.243
Remote PC 1 can ping 192.168.99.241 but cannot ping 192.168.1.11. I think
because it is still dealing with the issue of being on a .1 LAN IP.
Remote PC 2 can ping both 192.168.99.241 and 192.168.1.11
"Bill Grant" wrote:
That would just complicate the situation. You would then have two local.
subnets and you would need to set it up so thet they could both see each
other and the Internet. Much more complicated than putting the remotes in
their own subnet.
"Danny F" <DannyF@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F27BD46C-37F8-4F09-A7B3-4F58EC9EE90A@xxxxxxxxxxxxxxxx
Bill, thanks for your reply.
I thouhgt of that and tried it but they still can't get to the .1 subnet
because (I think) there still on a .1 local subnet. I tried it with
remote
computers on other subnets and they could get to the .1 address of the VPN
server but nothing else. Probalby a routing issue.
Arggghh. I inherited this IP. Would have never used it myself had i
built
it.
One though I had was to build out another network 192.168.217.0 and put
the
few servers the vpn users need to access on both networks with two NIC's
on
each server. one on the .1 subnet on one on the .217 subnet. Any
thoughts?
Thanks again.
"Bill Grant" wrote:
There is no easy way around that problem. A remote machine will not
send
traffic across a VPN link if the target IP is the same IP subnet as the
local LAN. It will try to deliver the traffic "on the wire", not send it
to
a router. That is how IP routing works!
The only real solution is to put your remote users in their own IP
subnet, such as 192.168.99.0/24 using a static address pool. You then
have
to enable IP routing on the VPN server and make sure that your LAN
machines
can route to the remote subnet. This will only work automatically if the
VPN
server is the default gateway for the LAN machines.
"Danny F" <DannyF@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:378EBE4F-4957-4078-8DCE-3DF7B3AD9BB4@xxxxxxxxxxxxxxxx
I am having an issue with VPN and IP settings. I am running Windows
Server
2003 RRAS. We have a 1 subnet internal network on the 192.168.1.0/24
subnet.
The VPN server assigns IP's in the 192.168.1.241 - 254 range. The
problem
I
am having is if the remote computer is connected to a remote network
that
is
also on the 192.168.1.0/24 subnet the remote computer cannot access
anything
on our network. I understand why this happens but need a workaround or
other
solution. Many wireless routers and DSL configurations run by default
on
the
192.168.1.0/24 subnet.
Thank you in advance.
- Follow-Ups:
- Re: RRAS VPN IP conflict
- From: Bill Grant
- Re: RRAS VPN IP conflict
- References:
- Re: RRAS VPN IP conflict
- From: Bill Grant
- Re: RRAS VPN IP conflict
- From: Bill Grant
- Re: RRAS VPN IP conflict
- Prev by Date: Re: RRAS VPN IP conflict
- Next by Date: Re: Is it possible for a VPN user to join the domain?
- Previous by thread: Re: RRAS VPN IP conflict
- Next by thread: Re: RRAS VPN IP conflict
- Index(es):
Relevant Pages
|
