• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 366
  • Last Modified:

VPN connection from 10.0.1.x network to 10.1.x.x network

Hi,

I'm staying in a hotel right now, and I want to connect to my office LAN via VPN (Checkpoint Securemote). Our local lan has a 10.1.x.x IP range (mask 255.255.0.0). The hotel network assings my PC a 10.0.1.x (mask 255.255.255.0) IP address. Now I can make a VPN connection from the hotel network to our VPN server (193.121.168.125), but I cannot get access to any of the computers in our office LAN.

Can I do something about this?

PAtrick
0
Patrick Elsen
Asked:
Patrick Elsen
  • 5
  • 2
  • 2
  • +2
4 Solutions
 
adamdrayerCommented:
assuming you are using some version of windows, try the following:

route add 10.1.0.0 mask 255.255.0.0 193.121.168.125

That is assuming it is a routing problem because your VPN server isn't creating this route for you.
0
 
netspec01Commented:
Since the two IP ranges are not overlapping, this should not be causing a problem.  If your VPN has worked before and no change have been made to the VPN setup, routing should not be an issue.  It is possible that the local network firewall/router you are connecting to is not allowing IPSEC to pass through properly.
0
 
adamdrayerCommented:
without knowing the subnet mask of the hotel network, you can't say whether the IP ranges are overlapping.  And since the VPN server is on a public interface, it's possible it does not supply any internal routing information with the VPN connection.  By default windows routes private addressing schemes over the local IP by specifying it as the gateway.  This needs to be changed in a VPN.

It could very well be something else though.  How do you normally connect from other places?
0
KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

 
adamdrayerCommented:
sorry, I forgot he specified the mask for the hotel, but it's still worth a try since windows doesn't specify an external gateway by deafult for 10.x.x.x networks.
0
 
ITcrowCommented:
Use tracert command to find out, where it goes when you try to go to some of your office IP address.

Start => Run => tracert 10.1.x.x

Post the result, it will be helpful in assisting you.
0
 
Patrick ElsenICT Infrastructure ManagerAuthor Commented:
I'm running Windows XP SP2. If I connect from other places (no 10.x.x.x networks!), I just start my securemote VPN client, and whenever I try to reach any of the machines on my office LAN, securemote asks me to enter the password for my VPN certificate, and everything is working.

When I try to add the route I get this error:

"The route addition failed: Either the interface index is wrong or the gateway does not lie on the same network as the interface. Check the IP Address Table for the machine."

A tracert times out for all office LAN IP adresses without any information.

C:\>tracert 10.1.1.201

Bezig met het traceren van de route naar 10.1.1.201 via maximaal 30 hops

  1     *        *        *     Time-out bij opdracht.
  2     *        *        *     Time-out bij opdracht.
  3     *        *    


I start to think that I won't be able to make this VPN connection work from here...
0
 
Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security OfficerIT Consultant, Network Engineer, Windows Network Administrator, VMware AdministratorCommented:
Here are some things that might work.

If you authenticate properly to the VPN server and it puts you in the network, go to your VPN Properties, networking, TCP/IP properties, advanced, and see if there is a check in the box to use the default gateway on the remote network.  If it is not checked, then check it.  That should fix it.
0
 
netspec01Commented:
I havn't used the Checkpoint VPN client before but it may provide you some logging/diagnostic information.  Look for transmit and receive byte counts.  If you see unidriectional traffic flow (transmit byte count high, receive count low) it would indicate that return trffic is being blocked.
0
 
adamdrayerCommented:
you have to add that route when you are connected to the VPN
0
 
Patrick ElsenICT Infrastructure ManagerAuthor Commented:
According to information from my hardware vendor that implemented the Checkpoint firewall, it is not possible with the SecuRemote client to connect to my office lan from a lan that has an 10.x.x.x ip range.
0
 
adamdrayerCommented:
well I assume if that is true, then it's because SecuRemote is configured that way.  Not because it is impossible.  Thanks.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Increase Security & Decrease Risk with NSPM Tools

Analyst firm, Enterprise Management Associates (EMA) reveals significant benefits to enterprises when using Network Security Policy Management (NSPM) solutions, while organizations without, experienced issues including non standard security policies and failed cloud migrations

  • 5
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now