Kaptain1 asked:

Changing LAN subnet to eliminate VPN conflicts

Hi Experts!

'I think' I need to change my LAN subnet (perhaps at least the last 2 octets of the LAN IP ex: 192.168.x.x).

As I understand it, my LAN subnet should be different from the LAN subnet that's on the other side of the VPN tunnel, e.g. (my side = 192.168.2.0, VPN side = 192.168.3.0).

I'm fairly new to the VPN field; is this somewhat correct?

I'm using the Kerio VPN client (I believe it's SSL based, and is in 'Tunnel' mode (not Ethernet bridging)). So it gives me a VPN IP address, w/o gateway - which is fine, I believe. However, I can't access the LAN if the subnet that I'm connected to is the same as the one on my LAN (it won't work if my side = 192.168.1.0, VPN side = 192.168.1.0).

Am I on the right track?
Which LAN subnet should I switch to so that there's less chance people will find a similar one (to connect from) and have problems connecting?
By LAN 'subnet' I mean LAN address, e.g. 192.168.1.0 :), not subnet mask.

I've set up this VPN access through Kerio WinRoute firewall that will allow people to connect to LAN resources from home and while on the road.

Thank You
ASKER CERTIFIED SOLUTION
NetAdmin2436
This solution is only available to members.
Wait, scratch that.

192.168.1.0 and 192.168.2.0 should work. Never mind my second sentence. You would be fine, but you might want to use a non-standard subnet mask anyways.
Kaptain1 (ASKER)

Wow, you just scared me there for a moment (until I read your second post lol).

So I can pretty much choose something like:
192.168.5.0 ?

I just want to make sure the same subnet isn't being used wherever users will be using VPN from... (it'll be VPN access for remote users, not site-to-site VPN).

I'm not sure if I'm ready (knowledge-wise) to divide my LAN into subnets yet; we have an office of 30 employees on 1 subnet, and I think that should work OK...

I read that 'subnetting' chapter in my Cisco book once, but I need to re-read it; it's not easy to fully understand :)

Any more ideas?

Thank You
SOLUTION
Rob Williams
This solution is only available to members.
Thanks Rob,

So I guess I'll keep it more 'conservative' and change it to 192.168.2.x (now it's using the famous 192.168.1.0). Luckily, I've assigned all IPs to MAC addresses, so it's just a matter of me sitting down at the gateway and carefully switching everything to the 192.168.2.0 subnet.

There was no VPN server installed in that office before; this is the first one I'm setting up right now.

I really appreciate you clarifying A LOT of the subnetting and VPN confusion that I had before.
Thanks!
If you are going to change it, I would use something even less common than 192.168.2.x.

I manage a lot of VPNs; mostly so that I keep my head straight, I tend to use the last two digits of their street address. For example, if the business is 432 Maple St., I use 192.168.32.x. Just food for thought.

Thanks Kaptain1. And, good luck with the project.
Cheers !
--Rob
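
Added example, not part of the original thread or any poster's code: a check of a candidate office LAN against networks remote VPN users might connect from, including the street-number convention described above. The sample client-side list and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: networks a remote user's home or hotel LAN might use.
# This list is an assumption; replace it with what your own users report.
CLIENT_SIDE_SAMPLES = (
    "192.168.0.0/24",
    "192.168.1.0/24",
    "192.168.2.0/24",
    "10.0.0.0/24",
    "192.168.0.0/16",  # a client network configured with a wide mask
)

def subnet_from_street_number(street_number):
    """Street-number convention: third octet = last two digits of the number."""
    return ipaddress.ip_network(f"192.168.{street_number % 100}.0/24")

def conflicts(office_lan, client_side=CLIENT_SIDE_SAMPLES):
    """Return the client-side networks whose address range overlaps office_lan.

    Overlap, not just equality, matters: addresses in the overlapping range
    exist on both sides, and the client's routing table can only send them
    one way.
    """
    # strict=True rejects input with host bits set, e.g. "192.168.1.5/24".
    office = ipaddress.ip_network(office_lan, strict=True)
    if not office.is_private:
        raise ValueError(f"{office} is not private address space")
    return [str(net) for net in map(ipaddress.ip_network, client_side)
            if office.overlaps(net)]

if __name__ == "__main__":
    candidates = ["192.168.1.0/24", "192.168.2.0/24",
                  str(subnet_from_street_number(432)),   # 192.168.32.0/24
                  str(subnet_from_street_number(400))]   # lands on 192.168.0.0/24
    for lan in candidates:
        hits = conflicts(lan)
        print(f"{lan:18} overlaps: {', '.join(hits) or 'none in sample'}")
```

A street number ending in 00, 01 or 02 maps straight back onto the common defaults, so the candidate still needs the overlap check.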