VPN to RRAS problem when both network subnets in same IP space?

Posted on 2007-08-10
Last Modified: 2010-04-19
I've been in the Cisco world for so long, it's taking a little time to get abck into the Windows arena.  

I'm trying to get VPN working to a SBS 2003 server.  Company's local subnet is  RRAS is setup to hand VPN clients an IP address out of this IP subnet.  Majority of people's home networks is also  When I test from my home, which is subnet, I get to "verifying username and password" but then the connection times out.  If I change my subnet at home to a different /24, it works perfectly.  

It appears as though after the VPN connection establishes, the VPN client is looking for server and company resources on the local subnet, since the IP subnets are the same, and not tunneling communication with the server across the VPN tunnel??  What am I doing wrong?  Is there a setting I'm missing somehwere?  What's the easiest setup without having to hit several users' homes?

This is why I'm a fan of terminating VPN tunnels on the border device!
Question by:forthphaze
    LVL 7

    Accepted Solution

    anyway to change the netwrok's subnet? because vpn does not work correctly if at all when seeing the same address, that part is correct... but most people have defaults of 192.168.1.x??  unless you mean all your clients were configured that way on purpose to begin with... but most end user routers come default with a .1.1 address
    LVL 1

    Author Comment

    Sounds easy enough, but not a possibility right now, perhaps when they decide to get a new server or invest in a real firewall.  I just don't seem to ever remember running into this problem a few years back, I guess the "works out of box" firewall market has really standardized everyone'e local network config.
    LVL 3

    Assisted Solution

    Run the Change Server IP Address Wizard on the Internet and Email Tab on the Server Management Page.  Change your local subnet on the server to something like 192.168.16.X or something other than 192.168.0.x or 192.168.1.x..  Microsoft was smart to implement 192.168.16.X by default on the local lan in SBS 2003, later editions of course.    Plan out your subnet changes on the LAN to cover anything that might be coded in with your current config.  Hopefully that is not the case too much...God help you if programmers are involved..
    LVL 1

    Author Comment

    Since we're only dealing with about 10 remote users, I just told the company that users needs to change their home setups, and I'll be happy to help.  Company will pay me for those. Thanks.


    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    Suggested Solutions

    I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
    I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    This video discusses moving either the default database or any database to a new volume.

    731 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now