Solved

Remote Desktop and VPN

Posted on 2009-07-16
7
533 Views
Last Modified: 2012-06-27
I can connect to our VPN successfully but I can not then remote desktop anywhere. The VPN connection is done using L2TP on smoothwall and I connect to 192.168.1.171 on the remote network. I then try to connect to 192.168.1.22 but I guess it is looking at my local network rather that the remote one. Any suggestions?
0
Comment
Question by:suroma
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24870942
Are you saying the remote and local networks use 192.168.1.x?
If so that will not work. With a VPN the remote and local subnets must be different.
0
 

Author Comment

by:suroma
ID: 24871689
The subnet mask of the local network is 255.255.255.0 and the remote one 255.255.255.255??
But surely this would mean most VPN's wouldn't work as they are often between home networks and work networks and most home networks run on 192.168.1.x?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24871765
255.255.255.0 is the subnet mask. I am referring to the network ID or subnet.

If the office to which you are connecting uses a local subnet of 192.168.1.x and the home/client network uses the same the VPN will connect but you will not be able to access resources on the remote network. This is a basic rule of routing and why when setting up a corporate office it is important never to use a common/default subnet. The reason for this is packets are route by their network ID (Subnet to which they belong). If the home network uses 192.168.1.x (assuming subnet mask of 255.255.255.0) and the remote network uses the same, when a packet is destined for the remote network the routing devices see it as a local address and the packet is not forwarded.

The one exception to this is if you enable the "Use default gateway on remote network" option on the VPN client, you can usually access resources on the VPN server, but no other device on the remote network.
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 

Author Comment

by:suroma
ID: 24871976
OK I understand so my only option is to change the subnet of the domain here to say 192.168.0.x?
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 24872050
It is best to change the server site, but this can be a much bigger task. Make sure you plan carefully as to allow for DHCP scopes, printers, statically addressed devices, routers and so on.
If by any chance you are running Microsoft Small Business Server, you MUST use the change server IP wizard in the server management console.

However DO NOT use 192.168.0.x This is even more common that 192.168.1.x and you will have problems with mobile clients staying in hotels and such.
Avoid:
192.168.0.x
192.168.1.x
192.168.2.x
192.168.100.x
192.168.111.x
10.0.0.x
10.10.10.x
172.16.1.x
The above all assume you are using a subnet mask of 255.255.255.0
0
 

Author Closing Comment

by:suroma
ID: 31604255
That's spectacularly bad news!! Thanks for your help.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24872295
Thanks suroma.
It is a very common problem. Probably the most common problem on the VPN forums.
Cheers!
--Rob
0

Featured Post

Get proactive database performance tuning online

At Percona’s web store you can order full Percona Database Performance Audit in minutes. Find out the health of your database, and how to improve it. Pay online with a credit card. Improve your database performance now!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question