sermet
New Member
January 1, 2017
Question

vpn ipsec connection with same subnet


Hello, can you please help me with this:

The HQ-office FortiGate internal IP is 192.168.2.1/255.255.255.0.

The outside FortiClient (Windows OS) has an IP in the same subnet: 192.168.2.22, gateway (DSL modem) IP: 192.168.2.1.

FortiClient can establish the IPsec VPN connection but is unable to ping any IP at the HQ office.

What is the best and quickest solution without changing the client's DSL IP settings?

Thanks

    1 reply

    ede_pfau
    SuperUser
    January 3, 2017

    You should try to set up DHCP for your IPsec clients and assign an unused IP range like 10.200.199.x/24.

    Although 192.168.[0-2].x/24 is a particularly unwise choice for a network address space, collisions like this can theoretically always happen. For this reason a mechanism was devised to let the HQ choose the client IP address: DHCP over IPsec. The HQ FGT will create a host route dynamically on dial-in.

    MikePruett
    New Member
    January 3, 2017

    Yeah, you can have them pull from a pool on connection.

    You are going to want to use full tunnel to help alleviate the issue as well. Otherwise, you are looking at NAT etc.

    sermet
    Author
    New Member
    January 6, 2017

    My IPsec clients get IP addresses like 192.168.222.100-200, which do not conflict with 192.168.2.x.

    I solved my problem by manually deleting the 192.168.2.0 route on the clients after connecting the IPsec VPN.

    Is there any option in FortiClient to do that automatically, and to restore the routing table after disconnecting IPsec?
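The collision discussed in this thread, modelled as an added example that is not part of any post and is not FortiClient or FortiGate code: it checks the client LAN against the HQ subnet and the two client pools mentioned above, then shows which route a client picks for an HQ host before and after the local 192.168.2.0 route is deleted. The routing table, the metrics, the interface names `lan` and `vpn`, and the HQ host 192.168.2.10 are constructed assumptions.

```python
import ipaddress

def route(net, iface, metric):
    return {"net": ipaddress.ip_network(net), "iface": iface, "metric": metric}

def overlaps(local_nets, remote_nets):
    """Return (local, remote) pairs whose address ranges collide."""
    return [(l, r) for l in local_nets for r in remote_nets
            if ipaddress.ip_network(l).overlaps(ipaddress.ip_network(r))]

def pick_route(table, dest):
    """Longest prefix wins; equal prefixes are decided by the lowest metric."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in table if addr in r["net"]]
    return min(hits, key=lambda r: (-r["net"].prefixlen, r["metric"])) if hits else None

def without_route(table, net, iface):
    """Model the manual workaround from the thread: delete one route."""
    target = ipaddress.ip_network(net)
    return [r for r in table if not (r["net"] == target and r["iface"] == iface)]

# Constructed table for the client after dial-in; metrics are assumed values.
CLIENT_TABLE = [
    route("0.0.0.0/0", "lan", 25),
    route("192.168.2.0/24", "lan", 25),   # client's own LAN (on-link)
    route("192.168.2.0/24", "vpn", 50),   # HQ subnet reached through the tunnel
]

if __name__ == "__main__":
    client_lan = ["192.168.2.0/24"]
    hq_side = ["192.168.2.0/24", "192.168.222.0/24", "10.200.199.0/24"]
    print("collisions:", overlaps(client_lan, hq_side))
    print("before:", pick_route(CLIENT_TABLE, "192.168.2.10")["iface"])
    fixed = without_route(CLIENT_TABLE, "192.168.2.0/24", "lan")
    print("after: ", pick_route(fixed, "192.168.2.10")["iface"])
```

Only the HQ subnet collides with the client LAN; the address pools do not, which is why a non-conflicting client address alone leaves HQ hosts unreachable in this model.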