Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
837
Views
0
Helpful
4
Replies

Local subnet and VPN issue

harvey.dewan
Level 1
Level 1

‎11-18-2005 09:25 AM - edited ‎02-21-2020 02:06 PM

We are starting to experience more and more issues with remotes sites (mostly hotels) that are using the similar local subnet scheme as we are on a local network.

Fo example, we are 10.1.x.x 255.255.255.0 network, with various vlans setup using the third octet. Several hotels are using the 10.1.x.x 255.255.0.0 scheme.

When our remote people connect to the 3005 using any client (Microsoft PPTP or the Cisco client) they are having trouble connecting to any traffic that is on the remote 10.1.x.x 255.255.255.0 network.

My suspicion is that the route it is using is the route with the shorter mask applied, which is the class b assigned from the hotel, therefore it is looking on its local network for address’s that are actually remote. I hope I have explained this so its understandable.

Anyone have this issue, or know of a dynamic work around.

Labels:
0 Helpful
4 Replies 4

sloeckle
Level 1
Level 1

‎11-18-2005 10:28 AM

We had that problem with our remote users and when we had the opportunity (rolled out cisco voip) we readdressed our networks to a 172.2x.x.x. We knew this was a large undertaking but was necessary. Through our experience we never saw a hotel or home network with a class b private network. Always 192.168.x.x or 10.x.x.x. That alone solved alot of issues for us.

0 Helpful

harvey.dewan
Level 1
Level 1
In response to sloeckle

‎11-18-2005 11:25 AM

Upgrading to the latest version of the Cisco client fixed the problem. Version 4.7.

The only other probem I could cause was if you had the exact same address as what you were being given at the remote end, but thats understandable.

0 Helpful

shaun.robin
Level 1
Level 1
In response to harvey.dewan

‎12-06-2005 08:16 AM

You mentioned that upgrading your clients to 4.7 fixed the problem...was there a feature in 4.7 that you had to enable or did you change how you summarized the encryption domain on the concentrator? Anything that you could share with me would be much appreciated.

0 Helpful

scottcraig
Level 1
Level 1

‎12-06-2005 02:23 PM

Rather than readdressing, you can use NAT to accomplish what you want. Take a look at the portion on "overlapping networks" here.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb71e.html#wp1050892

The example is a bit different, but the same could be accomplished in one direction using NAT to translate the internal subnet to something else when VPN users connect. The trick would be to also have a seperate DNS server for your VPN users so they could still get to resources by the same names they typically use.

0 Helpful
Customers Also Viewed These Support Documents