Local subnet and VPN issue

harvey.dewan
Level 1

We are starting to experience more and more issues with remote sites (mostly hotels) that are using a similar local subnet scheme to the one we use on our local network.

For example, we are a 10.1.x.x 255.255.255.0 network, with various VLANs set up using the third octet. Several hotels are using the 10.1.x.x 255.255.0.0 scheme.

When our remote people connect to the 3005 using any client (Microsoft PPTP or the Cisco client) they are having trouble connecting to any traffic that is on the remote 10.1.x.x 255.255.255.0 network.

My suspicion is that the route it is using is the route with the shorter mask applied, which is the class B assigned from the hotel, therefore it is looking on its local network for addresses that are actually remote. I hope I have explained this so it's understandable.

Anyone have this issue, or know of a dynamic workaround?

4 Replies

sloeckle
Level 1

We had that problem with our remote users, and when we had the opportunity (rolled out Cisco VoIP) we readdressed our networks to a 172.2x.x.x. We knew this was a large undertaking, but it was necessary. Through our experience we never saw a hotel or home network with a class B private network. Always 192.168.x.x or 10.x.x.x. That alone solved a lot of issues for us.

Upgrading to the latest version of the Cisco client fixed the problem. Version 4.7.

The only other problem I could cause was if you had the exact same address as what you were being given at the remote end, but that's understandable.

You mentioned that upgrading your clients to 4.7 fixed the problem...was there a feature in 4.7 that you had to enable or did you change how you summarized the encryption domain on the concentrator? Anything that you could share with me would be much appreciated.

scottcraig
Level 1

Rather than readdressing, you can use NAT to accomplish what you want. Take a look at the portion on "overlapping networks" here.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb71e.html#wp1050892

The example is a bit different, but the same could be accomplished in one direction using NAT to translate the internal subnet to something else when VPN users connect. The trick would be to also have a separate DNS server for your VPN users so they could still get to resources by the same names they typically use.
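
The following is an added example, not part of the thread or of Cisco's documentation: a small planning helper that detects when a VPN user's local LAN collides with the internal /24 VLANs and works out the 1:1 translated prefixes that a NAT rule and a VPN-only DNS view would use. The VLAN numbers, the 172.20.0.0/16 translated range and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed values. The thread gives only "10.1.x.x" with /24 VLANs, so the
# VLAN numbers and the translated range below are assumptions for illustration.
CORP_SUPERNET = ipaddress.ip_network("10.1.0.0/16")
CORP_VLANS = [ipaddress.ip_network(n) for n in ("10.1.10.0/24", "10.1.20.0/24")]
NAT_RANGE = ipaddress.ip_network("172.20.0.0/16")  # hypothetical translated range


def overlapping(local_if):
    """Corporate VLANs that collide with the client's local LAN (e.g. a hotel)."""
    local = ipaddress.ip_network(local_if, strict=False)
    return [v for v in CORP_VLANS if v.overlaps(local)]


def translate(addr):
    """1:1 static mapping: same host offset, moved from CORP_SUPERNET to NAT_RANGE."""
    ip = ipaddress.ip_address(addr)
    if ip not in CORP_SUPERNET:
        raise ValueError(f"{ip} is not an internal address")
    return NAT_RANGE.network_address + (int(ip) - int(CORP_SUPERNET.network_address))


def vpn_view(local_if):
    """Map each VLAN to the prefix a VPN user on local_if should be routed to:
    the real prefix if it is unambiguous, otherwise its translated equivalent."""
    local = ipaddress.ip_network(local_if, strict=False)
    view = {}
    for vlan in CORP_VLANS:
        if not vlan.overlaps(local):
            view[str(vlan)] = str(vlan)
            continue
        if NAT_RANGE.overlaps(local):
            # Edge case: the remote LAN also covers the translated range.
            raise ValueError("translated range collides with the local LAN too")
        view[str(vlan)] = f"{translate(vlan.network_address)}/{vlan.prefixlen}"
    return view


if __name__ == "__main__":
    # Constructed client addresses: a /16 hotel LAN, a home LAN, a /24 collision.
    for lan in ("10.1.5.23/16", "192.168.1.40/24", "10.1.20.7/24"):
        print(lan, "->", vpn_view(lan))
```

The same host offset is kept on both sides of the mapping, so a VPN-only DNS view can be generated from the internal zone by running each address through `translate`.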