Routing Question

We have a client that is in a bit of a pickle right now. They have two sites. A main location (location A) and a satellite location (location B). They are connected via a Branch VPN tunnel through two WatchGuard firewalls.

Location A is using a 192.168.10.0/24 network.
Location B is using a 192.168.1.0/24 network.

We are having trouble giving remote (home) users access to a server at site B. Unfortunately these home users are also on a 192.168.1.0 network, which I assume is why we are having the problem. The home users VPN into location A via RRAS. Are we completely screwed because the home users are on the same network as location B, which is the location with the server they are trying to access remotely? Wouldn't it be possible to create a static route on the home user's PC saying that all traffic destined for 192.168.1.15 - use 192.168.10.1 as a gateway? I did try this but it didn't work.

I'm desperate to find a temporary way to get the home users access to location B. I realize that we will need to re-IP location B - however we can't do that immediately.
StarfishTech Asked:
John, Business Consultant (Owner), Commented:
The easiest short term way to fix this is to ask home users to change their subnet from .1 to (say) .25. Ask them for the make of their router, look up the documentation and give them directions on how to change. I have done this before and it works.
0
mikebernhardt Commented:
The problem isn't just at the home users' end, it's also at Location B. Location B will NEVER send traffic to 192.168.1.0 anywhere but local because it believes it's local. It never hits a router to be redirected anywhere. Same for the home user.

If your VPN equipment at Location A can support it, I would suggest doing 2-way NAT for the remote users. That way your locations will see user traffic as something other than 192.168.1.x.
0
Bryant Schaper Commented:
What about routing all traffic over the VPN, once the user connects, i.e. this would be internet and LAN traffic, then 192.168.1.x is all in the same network.

Was looking at assigning a unique DHCP scope to RRAS, but I am not seeing anything yet
0
Qlemo, Batchelor, Developer and EE Topic Advisor, Commented:
I'm assuming clients are able to contact any IP in location A.

Since the clients dial in with RRAS, they should get a NATted address of location A anyway (either via DHCP or from a static RAS address pool). Let's assume the client gets 192.168.10.254.
A route of 192.168.1.15 via 192.168.10.1 should work then. The client sends data with a source IP of 192.168.10.254, RRAS listens to all traffic for that IP and acts as a proxy for it to be able to forward traffic back to the RRAS client.

But if you have set up RRAS to use a different network, say 192.168.254.0/24, and not put the correct routes into the default gateway of B, reply traffic cannot flow back to RRAS and hence to the home users.

For diagnostics, set the route on a client while connected, and start a
  tracert -d -w 100 192.168.1.15
to see which way packets go, and which router/device responds last.
0
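Added example, not part of any post in this thread: a small longest-prefix-match model of the routing decisions mikebernhardt and Qlemo describe, tracing a request to 192.168.1.15 and its reply for different client source addresses. The routing tables, hop labels and the client addresses 192.168.1.50 and 192.168.254.7 are constructed assumptions; only the subnets, 192.168.1.15 and 192.168.10.254 come from the thread.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match: next hop of the most specific route containing dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in routes
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

# Constructed routing tables; only the addresses come from the thread.
HOME_CLIENT = [
    ("0.0.0.0/0", "home-router"),
    ("192.168.1.0/24", "on-link"),      # home LAN, same prefix as location B
    ("192.168.10.0/24", "vpn"),         # added when the RRAS connection comes up
]
HOME_CLIENT_HOST_ROUTE = HOME_CLIENT + [("192.168.1.15/32", "vpn")]

SERVER_B = [
    ("0.0.0.0/0", "firewall-B"),
    ("192.168.1.0/24", "on-link"),
]
FIREWALL_B = [
    ("0.0.0.0/0", "internet"),
    ("192.168.1.0/24", "on-link"),
    ("192.168.10.0/24", "branch-tunnel"),   # the only remote prefix B knows
]

def round_trip(client_routes, client_src, server="192.168.1.15"):
    """Trace request and reply; return where the exchange ends up."""
    out = next_hop(client_routes, server)
    if out != "vpn":
        return f"request goes {out}, never enters the VPN"
    back = next_hop(SERVER_B, client_src)
    if back == "on-link":
        return "server treats the client as local, reply never leaves B"
    back = next_hop(FIREWALL_B, client_src)
    if back != "branch-tunnel":
        return f"firewall B sends the reply to {back}, not to location A"
    return "reply returns through the branch tunnel to RRAS"

if __name__ == "__main__":
    for routes, src in [(HOME_CLIENT, "192.168.1.50"),
                        (HOME_CLIENT_HOST_ROUTE, "192.168.1.50"),
                        (HOME_CLIENT_HOST_ROUTE, "192.168.10.254"),
                        (HOME_CLIENT_HOST_ROUTE, "192.168.254.7")]:
        print(src, "->", round_trip(routes, src))
```

The four cases correspond to: no host route, a host route with the home LAN address as source, a host route with an RRAS address from location A's subnet, and an RRAS pool that location B has no route for.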
StarfishTech (Author) Commented:
Qlemo, you are correct. Clients are able to access anything on the 10.x network. When the client connects in with RRAS, they get a 10.x IP.

Bryant, I do have the "route all traffic over VPN" selected in the VPN settings of their Mac.
0
Bryant Schaper Commented:
Shot in the dark, check this out. Seems to fix your problem, and you could use 172.16.1.x 255.255.255.0 for the range, nobody seems to use it at home.

http://technet.microsoft.com/en-us/library/dd469667.aspx
0
vivigatt Commented:
Basically, and if you want to keep things simple, you can't have 2 networks that are interconnected (routing enabled) and that have the same subnet.
The easiest way is for you to use another subnet than 192.168.1.0 for your professional networks, since 192.168.1 (and 192.168.0) are usually used by home users.
It is good practice, when setting up a network that users will have to connect to remotely, to avoid IP subnets usually used by home users.
Use 192.168.192.0 or a class B (172.16.x.x) and you should usually be safe.
0
Question has a verified solution.