Mobile VPN connecting from client on same subnet fails

Hi All,
We have many clients that we need to work onsite at, so when our staff are onsite they connect to the client's network and then use the VPN for access back to our RDS, for example. However, for the clients on the same subnet as us the VPN will not connect. Currently we are dishing out 10.0.79.0/16 via DHCP to our staff, so if a client has a local network using 10.200.0.0 would that work? I just need to understand how or if I can dish out different IP addresses to my users to get around any similarities when working out at a client's network.
Thanks
Stuart

Comments

  • There is no true way around this. If the subnet of a client is the same as your network then the routing will fail. The only way to fix is to change one of the subnets since there is no 1:1 NAT function on mobile VPN.

    I personally stay away from /16’s for my main network because it can be super limiting for routes.

    I usually have a server network be /24 and then have a workstation network be its own network if I need a lot of users….

    /16 is overkill and is a bigger broadcast domain anyway (unless you really need 65,534 addresses)
  • Also I would personally have any VPN use a NAT so that it isn’t using my Local IP pool anyways.

    /16 is way too many addresses for a VPN anyways.
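
An added example (not part of the thread) of checking ahead of time whether a client's LAN overlaps the range handed out to staff, and of finding a range that collides with none of the known client LANs, using Python's `ipaddress` module. The client LAN masks, the sample list and the function names are assumptions; the thread gives 10.200.0.0 without a mask.

```python
import ipaddress

def parse(cidr):
    # strict=False accepts an address with host bits set, e.g. 10.0.79.0/16,
    # and normalises it to the enclosing network (10.0.0.0/16).
    return ipaddress.ip_network(cidr, strict=False)

def conflicts(corporate, client_lans):
    """Return (corporate_net, client_lan) pairs whose address ranges overlap."""
    hits = []
    for corp in map(parse, corporate):
        for lan in map(parse, client_lans):
            if corp.overlaps(lan):
                hits.append((str(corp), str(lan)))
    return hits

def first_free_subnet(parent, new_prefix, in_use):
    """First subnet of `parent` with prefix `new_prefix` overlapping nothing in `in_use`."""
    used = [parse(n) for n in in_use]
    for candidate in parse(parent).subnets(new_prefix=new_prefix):
        if not any(candidate.overlaps(u) for u in used):
            return str(candidate)
    return None

# Constructed sample data: the range from the question plus assumed client LANs.
CORPORATE = ["10.0.79.0/16"]
CLIENT_LANS = ["10.200.0.0/16", "10.0.5.0/24", "192.168.1.0/24"]  # masks are assumptions

if __name__ == "__main__":
    for corp, lan in conflicts(CORPORATE, CLIENT_LANS):
        print(f"overlap: {corp} <-> {lan}")
    print("candidate:", first_free_subnet("10.0.0.0/8", 24, CORPORATE + CLIENT_LANS))
```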