VPN connection from 10.0.1.x network to 10.1.x.x network


I'm staying in a hotel right now, and I want to connect to my office LAN via VPN (Checkpoint Securemote). Our local lan has a 10.1.x.x IP range (mask The hotel network assings my PC a 10.0.1.x (mask IP address. Now I can make a VPN connection from the hotel network to our VPN server (, but I cannot get access to any of the computers in our office LAN.

Can I do something about this?

Patrick ElsenICT Infrastructure ManagerAsked:
Who is Participating?
adamdrayerConnect With a Mentor Commented:
without knowing the subnet mask of the hotel network, you can't say whether the IP ranges are overlapping.  And since the VPN server is on a public interface, it's possible it does not supply any internal routing information with the VPN connection.  By default windows routes private addressing schemes over the local IP by specifying it as the gateway.  This needs to be changed in a VPN.

It could very well be something else though.  How do you normally connect from other places?
assuming you are using some version of windows, try the following:

route add mask

That is assuming it is a routing problem because your VPN server isn't creating this route for you.
netspec01Connect With a Mentor Commented:
Since the two IP ranges are not overlapping, this should not be causing a problem.  If your VPN has worked before and no change have been made to the VPN setup, routing should not be an issue.  It is possible that the local network firewall/router you are connecting to is not allowing IPSEC to pass through properly.
WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

sorry, I forgot he specified the mask for the hotel, but it's still worth a try since windows doesn't specify an external gateway by deafult for 10.x.x.x networks.
ITcrowConnect With a Mentor Commented:
Use tracert command to find out, where it goes when you try to go to some of your office IP address.

Start => Run => tracert 10.1.x.x

Post the result, it will be helpful in assisting you.
Patrick ElsenICT Infrastructure ManagerAuthor Commented:
I'm running Windows XP SP2. If I connect from other places (no 10.x.x.x networks!), I just start my securemote VPN client, and whenever I try to reach any of the machines on my office LAN, securemote asks me to enter the password for my VPN certificate, and everything is working.

When I try to add the route I get this error:

"The route addition failed: Either the interface index is wrong or the gateway does not lie on the same network as the interface. Check the IP Address Table for the machine."

A tracert times out for all office LAN IP adresses without any information.


Bezig met het traceren van de route naar via maximaal 30 hops

  1     *        *        *     Time-out bij opdracht.
  2     *        *        *     Time-out bij opdracht.
  3     *        *    

I start to think that I won't be able to make this VPN connection work from here...
Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security OfficerConnect With a Mentor IT Consultant, Network Engineer, Windows Network Administrator, VMware AdministratorCommented:
Here are some things that might work.

If you authenticate properly to the VPN server and it puts you in the network, go to your VPN Properties, networking, TCP/IP properties, advanced, and see if there is a check in the box to use the default gateway on the remote network.  If it is not checked, then check it.  That should fix it.
I havn't used the Checkpoint VPN client before but it may provide you some logging/diagnostic information.  Look for transmit and receive byte counts.  If you see unidriectional traffic flow (transmit byte count high, receive count low) it would indicate that return trffic is being blocked.
you have to add that route when you are connected to the VPN
Patrick ElsenICT Infrastructure ManagerAuthor Commented:
According to information from my hardware vendor that implemented the Checkpoint firewall, it is not possible with the SecuRemote client to connect to my office lan from a lan that has an 10.x.x.x ip range.
well I assume if that is true, then it's because SecuRemote is configured that way.  Not because it is impossible.  Thanks.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.