[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 537
  • Last Modified:

VPN to RRAS problem when both network subnets in same IP space?

I've been in the Cisco world for so long, it's taking a little time to get abck into the Windows arena.  

I'm trying to get VPN working to a SBS 2003 server.  Company's local subnet is  RRAS is setup to hand VPN clients an IP address out of this IP subnet.  Majority of people's home networks is also  When I test from my home, which is subnet, I get to "verifying username and password" but then the connection times out.  If I change my subnet at home to a different /24, it works perfectly.  

It appears as though after the VPN connection establishes, the VPN client is looking for server and company resources on the local subnet, since the IP subnets are the same, and not tunneling communication with the server across the VPN tunnel??  What am I doing wrong?  Is there a setting I'm missing somehwere?  What's the easiest setup without having to hit several users' homes?

This is why I'm a fan of terminating VPN tunnels on the border device!
  • 2
2 Solutions
anyway to change the netwrok's subnet? because vpn does not work correctly if at all when seeing the same address, that part is correct... but most people have defaults of 192.168.1.x??  unless you mean all your clients were configured that way on purpose to begin with... but most end user routers come default with a .1.1 address
forthphazeAuthor Commented:
Sounds easy enough, but not a possibility right now, perhaps when they decide to get a new server or invest in a real firewall.  I just don't seem to ever remember running into this problem a few years back, I guess the "works out of box" firewall market has really standardized everyone'e local network config.
Run the Change Server IP Address Wizard on the Internet and Email Tab on the Server Management Page.  Change your local subnet on the server to something like 192.168.16.X or something other than 192.168.0.x or 192.168.1.x..  Microsoft was smart to implement 192.168.16.X by default on the local lan in SBS 2003, later editions of course.    Plan out your subnet changes on the LAN to cover anything that might be coded in with your current config.  Hopefully that is not the case too much...God help you if programmers are involved..
forthphazeAuthor Commented:
Since we're only dealing with about 10 remote users, I just told the company that users needs to change their home setups, and I'll be happy to help.  Company will pay me for those. Thanks.


Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now