Conflicting P subnets on IPSEC VPN

Device M270 - 12.6.4.B638640
System Manager 12.6.4

We have home user with IP segment identical to corporate LAN. The corporate LAN has been in place a long time and as a result has a subnet. Using SSLVPN for remote users.

Home IP
Corp Lan

Can you offer suggestion on how best to resolve this issues (apologies if this has been already covered)


  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Willsmyth00

    The best way to resolve this will be to move your corp lan to a different subnet. 192.168.0.x, 192.168.1.x and 192.168.100.x are very, very common and you'll run into this time and time again if you keep the 192.168.1.x subnet as your corp lan.

    It could potentially be easier to have the customer on the distant end use a different subnet, but you will absolutely run into this problem again with another user if you continue to use that common subnet.

    (The default trusted subnet on the Firebox is 10.0.1.x in an effort to avoid this type of overlap.)

    -James Carson
    WatchGuard Customer Support

  • Unfortunately at this stage, with a small number of remote users changing the corporate LAN is not practical. We are looking into getting the remote users subnet changed.
    Is there not other solution with the Firebox VPN? It appears to be something that is supported on the BOVPN.

  • I believe that the NCP IPSec client can address this.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    @Bruce_Briggs @Willsmyth00
    WatchGuard/NCP client does, but it requires the use of IKEv1, and licensing per client.

    It does come with a free trial (14 days) and can be downloaded from the software downloads page for each firewall.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.