VPN IP Range Question

T

TwiceSliced

Gawd
Joined
May 1, 2002
Messages
525
Trying to get a basic VPN set up from an SBS 2003 machine. Everything works, but there's a catch; my predecessor designed the network to use 192.168.1.x as the internal IP range, which causes a problem if the client's home network is also on that range (a.k.a. if the client is using any consumer Linksys/Cisco router's default settings). Since having clients using that range reconfigure their home networks is too much of a hassle and re-addressing the entire network is a little overwhelming at the moment, might anyone be able to suggest a work-around?

Or...

The only reason I'm doing this is because our executive director's laptop was recently formatted and Windows XP was installed using a disc with SP3 slipstreamed onto it, effectively breaking Microsoft's Remote Web Workplace. I've tried a number of workarounds for that problem, but they all assume that RWW was accessed prior to the installation of SP3. Such workarounds do not seem to solve the problem if SP3 has been slipstreamed into the installer. Any bright ideas?

Thanks.
 
This is why i NEVER use the 192.168.x.x subnet for client networks. I always setup on a 10.x.x.x or 172.16-32.x.x network. But I digress... What do you have for a router at the office? Can you setup a real VPN with that thing? IMO RRAS PPTP VPN sucks anyway. I would really recommend either an SSL or IPSEC client VPN solution if you have the hardware for it.
 
but surely if you were to setup a 'proper' vpn you are still going to have the overlapping address problem...sure there are ways around this using address translation but i suspect this is probably going to make things overly complicated for the op...sure an ssl vpn would be a really neat solution too, and would negate the overlapping address problem entirely, unless of course you are trying to use tunnel functionality too...

suck it up and just re-address the clients home networks...billable, of course... look at it as an opportunity to get to know their home networks as well, since that will make your job a whole lot easier to support them.

the numpties that put the old network in at one of my clients used the 192.168.1.x range too, and i just billed them for going around sorting their home networks out. all you need to do is change the lan ip address and (if it doesn't do it automatically) alter the dhcp scope too.

since then, however, the server has been replaced and i always try to use the 172.16.x.x range where possible.
 
If you are tunneling all of the traffic over the VPN you shouldn't have issues. You will always run into overlapping addresses, say with the hotel you happen to be staying at using the 10.x.x.x or 172.16-32.x.x networks. You only really start to have issues when you do split tunneling or allowing local LAN access which would be against security best practices for your remote users anyway.
 
I must be missing something obvious here, but bear with me; I have little practical experience with VPNs, and the reading I've been doing on the subject is raising more questions than it's answering.

At the very least, I want to connect to the server and access shared folders. If the remote network's IP range is anything other than 192.168.1.x, I can just go to \\192.168.1.x\NameOfSharedResource\ and all is well. If the remote network's IP range is 192.168.1.x, then \\192.168.1.x\NameOfSharedResource\ doesn't work.

I'd like to be able to implement a workaround on the server side.

Please help :)
 
I have some notes about this that I can look up, however, I come at this from a purely Cisco mindset, so my answers may or may not be applicable to SMB server. I am planning on studying for the MCSE in the next few months =)
 
re-addressing the entire network
Click to expand...

This.


SHould be easy to do over the weekend. I did it - fixed the problem.

Now use 192.168.104.0/21 The odd netmask means even if at 192.168.104.0/24 existed somewhere else it should still see it as a different subnet and send the packets to the router.

Odd enough that any of my users wouldn't just happen to have it. 10.x and 172.16-32.x.x are quite common in hotspots like hotels.
 
You must log in or register to reply here.
Back
Top