How to Handle VPN Conflicts with Identical Subnets?

Asked By TechGuru99 On

Hey all! I've got a new client with many remote users connecting to their main office via a Sophos Remote Access IPSec VPN. The catch? Their office LAN is set up on the 192.168.1.x /24 VLAN, and many remote users have home networks on the same VLAN, which leads to some conflicts.

Ideally, we'd change the office LAN to a different IP range to avoid these issues, which is the long-term plan, but we're not ready to make that switch just yet. We have adjusted the gateway from .1 to .250 to solve some problems, but there are still users facing conflicts.

I'm exploring ways to work around this without causing any downtime or disruptions since the client is sensitive about interruptions. One idea I have is to change the office LAN to a /16 subnet. This would maintain the current network addresses but create a different Net ID than the users' networks. However, I worry about forgotten devices on the network—if some devices are still on the /24 range and share IPs, will they continue to function properly? Any suggestions?

5 Answers

Answered By NetworkNinja77 On

For situations like this, I've found that adding specific routes to your routing table can help direct traffic effectively, even if there are subnet overlaps. It's a bit manual but definitely quick and effective. Just point the individual IPs to the VPN gateway, and you're good to go!
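An added example, not part of the original thread or of any answer: a small Python model of longest-prefix-match routing on a remote user's machine, showing how the overlapping /24, the /16 idea from the question, and a per-host /32 route each resolve. The interface names, the home default route and the 192.168.1.10 server address are constructed, and real VPN clients may also apply metrics or policy that this model does not cover.

```python
import ipaddress

# Constructed sample data: a remote user's home LAN and default route.
HOME_LAN = "192.168.1.0/24"
BASE_ROUTES = [("0.0.0.0/0", "home-gw"), (HOME_LAN, "lan")]
AMBIGUOUS = "ambiguous"  # equal-length prefixes on two interfaces; the OS metric decides


def conflicts(office_net, home_net=HOME_LAN):
    """True when the office and home ranges share any address."""
    return ipaddress.ip_network(office_net).overlaps(ipaddress.ip_network(home_net))


def egress(routes, dest):
    """Longest-prefix match over (prefix, interface) pairs."""
    ip = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(p), i) for p, i in routes]
    matches = [(n, i) for n, i in matches if ip in n]
    if not matches:
        return None
    longest = max(n.prefixlen for n, _ in matches)
    ifaces = {i for n, i in matches if n.prefixlen == longest}
    return ifaces.pop() if len(ifaces) == 1 else AMBIGUOUS


def audit(vpn_prefixes, targets):
    """Egress interface per target once the VPN prefixes are installed."""
    table = BASE_ROUTES + [(p, "vpn") for p in vpn_prefixes]
    return {t: egress(table, t) for t in targets}


if __name__ == "__main__":
    targets = ["192.168.1.10", "192.168.1.250"]  # .10 is a constructed server address
    for label, prefixes in [
        ("office /24", ["192.168.1.0/24"]),
        ("office widened to /16", ["192.168.0.0/16"]),
        ("office /24 plus host route", ["192.168.1.0/24", "192.168.1.10/32"]),
    ]:
        print(label, audit(prefixes, targets))
```

A result of `lan` means traffic meant for the office stays on the home network instead of entering the tunnel, so it is worth checking each target that matters before relying on a workaround.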

Answered By VLANMaster3000 On

Why not create a separate VLAN/subnet specifically for VPN traffic? Something like a 10.0.x.x range could work well to isolate the VPN connections and avoid the confusion altogether.

Answered By SecureConnection88 On

Consider setting up SNAT and DNAT on both sides of your VPN. This can help reroute traffic appropriately and reduce the chances of conflict.

Answered By IPConfusionFixer On

You might want to try connecting by hostname instead of IP. It might help bypass some of those pesky conflicts, as long as the DNS resolution is working well.

Answered By HomeRouterHero On

One option is asking your remote users to adjust their home network ranges. It's not the best solution, but it could help in the interim while you plan a more permanent fix with the Sophos configuration.
