VPN to remote network on same subnet as local network

Afraid a very basic rule with VPN's is both subnets must be different. The problem is the routing devices do not know to which subnet to send the packets, local or remote , if they are the same.
You have not specified how your VPN has been created, but sounds like you may be using a Windows VPN server and client. If so sometimes the Windows VPN client will allow you to connect to the remote VPN server by forcing all traffic through the VPN default gateway. A route is not needed but you do need to make sure the "use default gateway" option is enabled (this actually creates the route). It is enabled by default, but make sure it is checked. This may not work for you, but does in some situations;
control panel | network connections | right click on the VPN/Virtual adapter and choose properties | Networking | TCP/IP -properties | Advanced | General | un-check  "Use default gateway on remote network"

What kind of VPN are you using?
"yes" if you are using a Cisco site-to-site VPN

Thanks for the responses.  

Typically, our clients have a firewall\router that passes vpn requests to a Windows server configured for Routing and Remote Access.  The type of vpn is pptp and we use the native windows dial-up from XP to establish the connection.  We use this method for remote support and travel around a lot.  Sometimes the LAN we're on happens to be the same subnet as the network of a client we need to connect to.  Some forums I've seen talk about using the route command to create a peer-to-peer static route - saying that it is the only way around the problem.  Supposedly, in XP you can create a static route to tell it to route to a specific IP using a different gateway.

I've tried the "use default gateway on remote network" both ways and get the same result.

Policy Based Nat should allow you to do that if your devices are capable of doing that.

Cheers,
Rajesh

Ok, so I accept the answer that what I want to do is not possible.  But I'm still curious about what is said on a few forums I found such as the following:  
http://marc.theaimsgroup.com/?l=vpn&m=110267670712032&w=2

The impression I get is that while you can use XP's route command to create a route to a specific network, you can also use it to create a route to a specific host - some have called it peer to peer routing.  Basically you specify the ip of the host, a 32 bit mask (which is default if you don't specify a mask) and the gateway to reach that host.  

I suppose that even if I was able pass local packets along a different route, the server on the other end would need the same modification to know where to route the response. Otherwise, it would think the target was on its local network.

There are a series of issues at play, but all relate to "confusion" as to where to send the packets, when the subnets are similar.
Before going any further is 10.0.1.6 the VPN server? If not one additional issue is the if the packet reaches the remote device it will reply to the default gateway, not the VPN client, and the packet is lost.

The proper solution yo your problem is to change the corporate site to something less common, as difficult a task as that might be. However, I wouldn't think 10.0.1.0 is that common, at least not like 192.168.0-2.0 or 10.0.0.0

10.0.1.6 is not the vpn server, it's just another server on the network.  At this particular client, a PIX firewall acts as the vpn endpoint.  The reason I was asking was because I was at a particular site and would have liked to access that server to make a quick configuration change remotely, but the location I was at happened to be on the same subnet as the remote location I needed to connect to.  I was just looking for a quick and dirty way to connect to that server while at that location.  The proper solution is to change one of the subnets, but I wasn't going to do that just for a one-time convenience.

If there was a solution, I figured it would be an handy little "trick" in case I run into a similar situation in the future since I travel a lot and do a lot of remote support.

Thanks anyway.

The PIX endpoint could be configured to work with the situation, but given that you are using MS PPTP client you have some other options, namely the route add option.
You can try this after connecting to the VPN
c:\>ipconfig  <== note the IP address of your VPN connection
c:\>route add 10.0.1.6 mask 255.255.255.255 10.0.1.xx  <== where .xx is your own VPN connection IP

This assumes that your VPN client is also a 10.0.1.x IP address....

Would have been good to know sooner this was a Pix/Cisco VPN, as none of my above comments are related to your configuration, other than the concept.
Perhaps some of the others more familiar with Cisco configurations have a work around. As a rule it is not recommended or possible, but some of the above imply under certain circumstances it may be possible.

I have no problem with you asking the moderators to re-open the question and remove "accepted" from the comment above.
http://www.experts-exchange.com/help.jsp#hi17

Yes, the route add command is exactly what I was curious about.  I've tried exactly what you said already, and it gives an error.   BTW... you don't need to specify a mask if you want a 32 bit mask - it is default.

Thanks anyway.

Sorry lrmoore, didn't refresh. Hoping you or Rajesh would jump in.
--Rob

RobWill, this is our only client that has a PIX firewall.  I was looking for a general solution that would work for a variety of situations.  Your comments confirmed what I already suspected.  Any thoughts on what Irmoore said?  That is what I tried in the first place and it didn't work.

>>"Any thoughts on what Irmoore said? "
lrmoore is the master !  I voice opinions, he speaks from the VPN gospels <G>, especially when Cisco is being discussed. Rajesh, is right up there too, in the Cisco world.
In my experience what you want to do is not possible, at least on the configurations I have worked on. Only contacting the VPN serer itself with the Windows VPN configuration has ever worked for me. Having said that, my knowledge of Cisco is limited to some very basic configurations, so it may be configurable.

Ok, let's forget I said anything about Cisco.  What about the route add command?  After connected to the vpn I tried "route add 10.0.1.6 mask 255.255.255.255 10.0.1.210" and it wouldn't take.  It said parameter is invalid.

Personally I don't see where the route on the client machine is necessary. Your VPN can be configured with or without split-tunneling. Split-tunneling allows access to the local and remote networks simultaneously. Most clients, and most sys admins do not enable split tunneling as there are huge security risks in doing so. Checking the box on the "default gateway option", on the windows client disables split tunneling.
If Split-tunneling is enabled, you cannot contact the remote network as the subnets are the same and with the local network accessible, all traffic will not leave the local network.
If split-tunneling is not enabled, ALL traffic will be forced to the remote network through the VPN default gateway (10.0.1.210) regardless. Connect the VPN and do a tracert, you should see this.
Once the packet is sent over the tunnel the reply however, will likely not be sent to the client machine but rather the corporate network's default gateway. Therefore, in my opinion you would need the route on that machine pointing to the remote client:
route add 10.0.1.210 mask 255.255.255.255 <corporate VPN gateway>
However, that is just an opinion, and if it were to work, I don't see as terribly useful unless all clients have a static IP, and there is a route for each client.

Connect to VPN, then post result of
c:\>ipconfig
c:\>route print

As requested...

[IPCONFIG]
Windows IP Configuration
Ethernet adapter Local Area Connection 3:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 10.0.1.150
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.1.1

PPP adapter MTC VPN:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 10.0.1.210
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 10.0.1.210

[ROUTE PRINT]
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0d 9d 46 08 44 ...... National Semiconductor Corp. DP83815/816 10/100
MacPhyter PCI Adapter - Packet Scheduler Miniport
0x80004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.1.1      10.0.1.150       21
          0.0.0.0          0.0.0.0       10.0.1.210      10.0.1.210       1
         10.0.1.0    255.255.255.0       10.0.1.150      10.0.1.150       20
       10.0.1.150  255.255.255.255        127.0.0.1       127.0.0.1       20
       10.0.1.210  255.255.255.255        127.0.0.1       127.0.0.1       50
   10.255.255.255  255.255.255.255       10.0.1.150      10.0.1.150       20
   10.255.255.255  255.255.255.255       10.0.1.210      10.0.1.210       50
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
(public ip of remote host)  255.255.255.255         10.0.1.1      10.0.1.150       20
        224.0.0.0        240.0.0.0       10.0.1.150      10.0.1.150       20
        224.0.0.0        240.0.0.0       10.0.1.210      10.0.1.210       1
  255.255.255.255  255.255.255.255       10.0.1.150      10.0.1.150       1
  255.255.255.255  255.255.255.255       10.0.1.210      10.0.1.210       1
Default Gateway:        10.0.1.210
===========================================================================
Persistent Routes:
  None

You should be able to add:
C:\>route add 10.0.1.0 mask 255.255.255.0 10.0.1.210 metric 1
OR:
C:\>route add 10.0.1.6 mask 255.255.255.255 10.0.1.210

Irmoore,

Neither command works after the vpn is connected.  The error is:
"The route addition failed: The parameter is incorrect."

I can, however, add those routes before the vpn is connected, then establish the vpn, but I am still unable to communicate with the remote network.

Any other ideas?

It was a shot in the dark anyway . . .
I was following a logical path of what you thought you had read would work with a route statement. Obviously it doesn't work.
I'm out of ideas.

Interesting, playing with a PPTP connection and route print here, the  "route add 10.0.1.0 mask 255.255.255.0 10.0.1.210" is automatically applied when you un-check "use remote gateway", however, of course if the subnets were the same you wouldn't be able to connect to anything remotely.

As mentioned earlier., the only real solution is to change the subnet at one site, preferably the VPN server end.

Thanks for the suggestions everyone.

Indeed the last proposed solutions works. Thank you, RobWill.

The solution is to uncheck "Use default gateway on remote network" in Connection properties -> Network -> TCP/IP -> Advanced.  
When that option is unchecked consequences are:
- computers in local network aren't reachable, instead computers on other side of VPN connection are reachable.
- all other network traffic to Internet is not routed via VPN connection, i.e. the old real gateway is used  http://whatismyip.com shows the IP address supplied by your ISP.

When that option is checked consequences are:
- computers in local network are reachable, but computers on the other side of VPN connection are not reachable.
- all other network traffic to Internet is routed via VPN connection. http://whatismyip.com shows the destination IP address of VPN connection.

Only solution that would work would be to add another device on the local side to change the ip address to be different from the remote network.

One way of doing so is to add a router between the connection.

You can browse around the network if you use the FQDN when you look up your machine resources though. I have done this several times when I have had to work on clients with the same subnet as us.  That was from a workstation dialed into a client network.

Casey