[Vpn-help] Client and Remote subnets are the same
Stefan Bauer
stefan.bauer at plzk.de
Mon Dec 22 11:01:51 CST 2008
Jeff wrote:
> We are trying to migrate to a Juniper SSG. We have successfully set up
> the SSG to accept connections from the Shrew client. However, our
> office subnet is 192.168.1.0/24, which matches most home networks. We
> do not yet know for sure that this is the problem, but so far, we have
> only had success with Shrew/SSG when the client subnet is different.
> Home users where we think that the subnet is the same can establish a
> connection, but do not pass any useful traffic.
Yes, because their routing entries send packets intended for the remote
LAN to their local one. You could limit the remote subnet to a small
range like:
192.168.1.200/27, where you could use around 30 hosts inside.
192.168.1.193 - 192.168.1.222
network/broadcast is 192.168.1.192/192.168.1.223
Another way is to assign the "roadwarriors" a totally different network
by the SSG and allow traffic by policies.
Personally, I would avoid Juniper equipment because it's quite
difficult to work this out :p
Just my 5 cents
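
The routing behaviour described in the reply above, as an added example that is not part of the original post. It models a client routing table with longest-prefix match and shows why an identical /24 stays on the home LAN while the narrower /27 goes into the tunnel. The interface names, the tie-break rule and the table layout are assumptions for illustration.

```python
import ipaddress

def build_routes(local_lan, remote_net):
    """Constructed client routing table: default route, on-link LAN, VPN policy route."""
    return [
        (ipaddress.ip_network("0.0.0.0/0"), "lan"),
        (ipaddress.ip_network(local_lan), "lan"),
        # strict=False lets the post's "192.168.1.200/27" normalise to 192.168.1.192/27
        (ipaddress.ip_network(remote_net, strict=False), "vpn"),
    ]

def pick_route(dest, routes):
    """Longest-prefix match. Assumption: on equal prefix length the earlier
    (on-link) entry wins; real clients decide such ties by route metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def egress(dest, local_lan, remote_net):
    """Interface a packet to dest leaves on, for the given home LAN and VPN subnet."""
    return pick_route(dest, build_routes(local_lan, remote_net))[1]

def shadowed_local_hosts(local_lan, remote_net):
    """Home-LAN addresses that stop being reachable locally while the tunnel
    is up, because the more specific VPN route captures them."""
    local = ipaddress.ip_network(local_lan)
    remote = ipaddress.ip_network(remote_net, strict=False)
    if not local.overlaps(remote) or remote.prefixlen <= local.prefixlen:
        return []
    return list(remote.hosts())

if __name__ == "__main__":
    home = "192.168.1.0/24"
    for remote in ("192.168.1.0/24", "192.168.1.200/27"):
        for dest in ("192.168.1.10", "192.168.1.210"):
            print(f"remote={remote:<17} dest={dest:<14} -> {egress(dest, home, remote)}")
    hosts = shadowed_local_hosts(home, "192.168.1.200/27")
    print(f"{len(hosts)} home addresses shadowed: {hosts[0]} - {hosts[-1]}")
```

With the /27 approach, any home device that happens to sit in 192.168.1.193 - 192.168.1.222 is unreachable locally while the tunnel is up, and office hosts outside that range remain unreachable through it.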