How to resolve a VPN problem where the HOME and CORPORATE networks are same IP Subnet Scheme

Hello.  I am trying to find out if there is a way to resolve a VPN routing issue that some of my users are having, by using routing commands on the user's machine, or something similar to that.  In short - I don't want to have to change the network scheme on either end, and also want to keep the VPN software intact, if possible.  The software the users are using is Cisco Client VPN 5.1.  Its outdated, but working for most all of our users.  Its only a handful who have suddenly started having an issue with routing their Outlook email and network drive requests, and I've narrowed it down to being an issue with their home network clashing with our corporate network, and the one thing the users with the problem have in common is they are all using the 192.168.1.x scheme, which is identical to the corporate network.  When they are traveling, and on different networks (hotels, hot spots, etc), they do not have the issue.  So I'm convinced it is the matching IP subnet that is causing the issue.  Is there a way to use a ROUTE command or something else, local to the specific users who are having the problem, to allow them to work, without affecting the rest of the user base?  

Thanks for your help
Damian_GardnerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Prashant ShrivastavaConsultantCommented:
you can't use vpn between same sub-net unless using one IP for internal use and another IP for VPN. Same subnet will not allow the traffic to flow as it will consider both server requester is in the same local network.

However there is a way to configure VPN in transparent mode that may fit your purpose.
0
kadadi_vIT AdminCommented:
@ your office you can use IP NAT option . If you are using Router or firewall please check you have the NATed LAN option in VPN setup options. So you can create the local subnet like 192.168.3.0 nated to 192.168.1.0.

Please check this URL also :
http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13770-1.html

Regards,
VK
0
CompProbSolvCommented:
I realize that it is likely too late for this, but I've gotten in the habit of not using 192.168.1.x or 192.168.0.x or 10.0.0.x for any new LANs that I set up.  Though you can work around the VPN issue (as suggested above) I think it is better to just avoid it.
0
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

Oliver KaiserSystems EngineerCommented:
To work around the issue you would have to use NAT. Since both network ranges are the same traffic would never be routed since both end devices would think that the DST ip address is within their own subnet.

To solve this issue you could use NAT to translate the address ranges on both sites.

e.g.

Main Office: 192.168.0.0/24  -> 192.168.1.0/24
Branch Office: 192.168.0.0/24 -> 192.168.2.0/24
0
JohnBusiness Consultant (Owner)Commented:
For one client (and one only) with a common internal IP address, we ask home users to change. If we know the make of the router, we can advise them how to make the change and it is not that hard.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Damian_GardnerAuthor Commented:
Thanks to everyone who offered some help.  I see several ideas - NAT, or have the home user change, transparent mode, or avoid it altogether.   I appreciate the help, and will figure out what the best option is.  I'll split the points up.

thanks again
0
JohnBusiness Consultant (Owner)Commented:
@Damian_Gardner - You are very welcome and I was happy to help.
0
Damian_GardnerAuthor Commented:
thanks John.  Appreciate it
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.