[Vpn-help] Client and Remote subnets are the same

Jeff jlar310 at gmail.com
Tue Dec 23 12:42:05 CST 2008


On Tue, Dec 23, 2008 at 4:57 AM, Stefan Bauer <stefan.bauer at plzk.de> wrote:
> Jeff wrote:
>> The assigned IP range for the connected clients is indeed different
>> than the office network, but it's the default local subnet within the
>> home networks that seems to be the problem. Home Linksys routers
>> default to 192.168.1.0/24.
>>
>> I am looking into a NAT solution (make the office net appear as
>> 10.10.1.0/24 for example, but probably make it more obscure so as to
>> not run into the same problem on random free wifi), but that breaks DNS.
>> Anyone got a solution for translating DNS? I read somewhere that JunOS
>> automatically translates DNS results when bi-directional NAT is in
>> effect, but I could not find anything stating the same about ScreenOS
>> in the SSG.
>
> Now I got the problem behind your idea. I would assign the boxes in
> your office network who should be available for the roadwarriors an
> ip-address from a different pool alongside the ip-address from the
> 192.168.1.0/24 pool. I don't see any effort in doing dns-translation as
> your roadwarriors are talking to ip-addresses not hostnames, don't they?

Just to be clear, are you confirming that the subnet overlap is indeed
a known issue and that without renumbering, I can not expect this to
work?

Your suggestion is a possible solution, but not practical. They do use
hostnames and in most cases they use VPN to RDP into their personal
desktop PC (which uses DHCP) for access to applications which we do
not allow outside the firewall or to be distributed to computers
outside our control.

-- 
Jeff
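
Added example, not part of the original message and not ScreenOS or JunOS code: a sketch of what the DNS translation asked about above has to do when the office net 192.168.1.0/24 is presented to VPN clients as 10.10.1.0/24 through 1:1 NAT. The hostnames, the record tuples and the function names are assumptions made for illustration.

```python
import ipaddress

OFFICE_NET = ipaddress.ip_network("192.168.1.0/24")  # real office LAN (from the thread)
NAT_NET = ipaddress.ip_network("10.10.1.0/24")       # translated range (example from the thread)


def overlaps_office(client_lan: str) -> bool:
    """True when the client's local LAN collides with the office subnet."""
    return ipaddress.ip_network(client_lan).overlaps(OFFICE_NET)


def translate(addr: str) -> str:
    """1:1 static NAT: keep the host bits, swap the network prefix."""
    ip = ipaddress.ip_address(addr)
    if ip not in OFFICE_NET:
        return addr  # outside the office LAN, nothing to translate
    offset = int(ip) - int(OFFICE_NET.network_address)
    return str(NAT_NET.network_address + offset)


def rewrite_answers(answers, client_lan: str):
    """Rewrite A records for a VPN client, but only if its LAN overlaps.

    answers is a list of (name, rtype, data) tuples, a simplified stand-in
    for the answer section of a DNS response.
    """
    if not overlaps_office(client_lan):
        return list(answers)  # no collision: real addresses are routable
    return [(name, rtype, translate(data) if rtype == "A" else data)
            for name, rtype, data in answers]


# Constructed sample answers (hypothetical hostnames, documentation addresses).
SAMPLE_ANSWERS = [
    ("desk-jeff.office.example.", "A", "192.168.1.57"),
    ("mail.office.example.", "CNAME", "mx.office.example."),
    ("www.example.com.", "A", "203.0.113.10"),
]

if __name__ == "__main__":
    for lan in ("192.168.1.0/24", "192.168.0.0/24"):
        print(lan, "overlaps office:", overlaps_office(lan))
        for record in rewrite_answers(SAMPLE_ANSWERS, lan):
            print("   ", record)
```

Because the host bits are preserved, a DHCP-assigned desktop keeps a predictable translated address as long as its DNS record is current.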


