Link to home
Create AccountLog in
Avatar of jsstanley
jsstanleyFlag for United States of America

asked on

VPN accessing two IP ranges

I have two address ranges in our building.  

The primary one is   The subnet is and the gateway is  It consists of our Small Business Server 2003, fileservers and all of our network workstations and printers.  All nodes are attached to  a Linksys router that is set up as a DMZ behind a Comcast Business gateway

The second range is  The subnet is and the gateway is   It consists of IP addressable hardware that we sell.  It is a test network.  The router's WAN port is attached to the Domain so the "test" network can have access to the web, and so that computers on the network can access the web interface built into the router.

I have one user that accesses both of these networks from his workstation using two NICs.  

This user routinely access the 10.0.0.x network via VPN from job sites and home.  He wants to be able to access devices on both networks via VPN.  

How can this be accomplished?
Avatar of Qlemo
Flag of Germany image

It should be sufficient if both gateways know of the other's network (have according routes). I assume VPN ip addresses are out of network. When other ip addresses are used, those must be routed on the, too.
Avatar of jsstanley


Yes, all my VPN users authenticate onto the SBS server on the network.  Where/How do you suggest I create a route to both networks?
Easist way is to define necessary routes on gateways only, and to define those (local) gateways as default gateways on the corresponding network side.
I still do not have a resolution.

If I give myself a static IP on the 10.1.22.x range, I can access all resources on the internet and on my 10.0.0.x network.  But, if I use an IP handed to me by the SBS server (10.0.0.x) I'm unable to touch the 10.1.22.x network.

How can I establish a route in the SBS to the 10.1.22.x network, so my users with an IP of 10.0.0.x will be able to use resources on the 10.1.22.x network?

I believe if I can establish a route on the SBS, my VPN users will have access to the resources on the 10.1.22.x network after they authenticate onto the SBS (  Can anyone help with this?
Ok, I see, this is not as easy as I thought first. You would have to set an additional route on Linksys - but I don't think you can do that.

Next idea - change LinkSys net / 8   (= That way, it will post all data for any 10.x address onto the internal network. On the 10.1.x router, you will have to do the same, so packets are sent back.

Is this really the solution? Many nodes on the 10.1.22.x network have static IPs.  Changing the subnet would require me to touch each node.  Also I would have to reconfigure domain info.  I really dont want to break my network.......

Do you have any other ideas?
Please reread my writings. You only have to apply changes to at least the Linksys router (the change to test router should not be necessary as it has two interfaces).
The router only lets me configure the last octet.  I can not manually enter the subnet........
Are you able to set a route in Linksys for  10.1.22.x with gateway address of WAN port of the test router?
All domain PCs are handed an IP via the SBS.  DHCP is configured to hand out a subnet of  I tried hard coding my IP with subnet of and I was able to touch devices on the 10.1.22.x network with an IP of 10.0.0.x.  This does not solve my original problem with being able to access the test network via VPN.

The next step is to change settings in the SBS.  Unfortunately Im unable to make any changes to SBS at this time.  I would like to keep this discussion open until Im unable to make changes to the SBS.

Although a solution was not handed to me, I believe you(Qlemo) should be awarded the points because you got be thinking in the right direction.

I'll post again soon if I have found a solution or need further assistance.
Avatar of Qlemo
Flag of Germany image

Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account