Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
SSIMON
New Contributor

Created on ‎11-03-2022 07:59 AM

Resolve ip conflict with fortigate vpn


Bonjour,

Je veux essayer de résoudre les conflits d'ip lorsque je suis sous vpn.
Mes utilisateurs ont besoin de se connecter en rdp à un serveur qui peut avoir la même ip que celui qu'ils ont chez eux.
être explicite ; L'exemple :
le serveur : 192.168.0.66
home ip :
192.168.0.66
Il m'a semblé qu'avec l'option "Enable Split Tunneling" il était possible d'éviter ce conflit.

 

Mais j'ai fait quelques tests, ça ne marche pas.

J'ai peut-être tort ?

Une idée ?

 

Merci

Labels:
2115
0 Kudos
1 Solution
gfleming
Staff
Staff
In response to SSIMON

Created on ‎11-03-2022 09:48 AM

Yes unfortunately overlapping subnets can cause big issues. Ideally we try to avoid using common home network subnets on enterprise-side (things like 192.168.0.X, 192.168.1.X, 192.168.254.X, 10.0.0.X, 10.1.1.X, etc).

 

VPN Split Tunnel enabling does help to some degree. It can do an OK job in handling overlapping subnets. But overlapping IP addresses will never work.

 

Best case to solve this:

- Change your IP subnet internally (might be too much work)

- Get home user to change their IP subnet (might be too complicated)

- Consider the use of NAT so that the user can access the remote resources using IP address in different subnet

Cheers,
Graham

View solution in original post

2098
0 Kudos
3 REPLIES 3
SSIMON
New Contributor

Created on ‎11-03-2022 08:21 AM

Hello,

I want to try to solve ip conflicts when i am on vpn.
My users need to connect in rdp to a server which may have the same ip as the one they have at home.
be explicit; The example :
the server: 192.168.0.66
homeip:
192.168.0.66
It seemed to me that with the option "Enable Split Tunneling" it was possible to avoid this conflict.

 

But I did some tests, it doesn't work.

Maybe I'm wrong?

An idea ?

 

Thanks

2108
0 Kudos
gfleming
Staff
Staff
In response to SSIMON

Created on ‎11-03-2022 09:48 AM

Yes unfortunately overlapping subnets can cause big issues. Ideally we try to avoid using common home network subnets on enterprise-side (things like 192.168.0.X, 192.168.1.X, 192.168.254.X, 10.0.0.X, 10.1.1.X, etc).

 

VPN Split Tunnel enabling does help to some degree. It can do an OK job in handling overlapping subnets. But overlapping IP addresses will never work.

 

Best case to solve this:

- Change your IP subnet internally (might be too much work)

- Get home user to change their IP subnet (might be too complicated)

- Consider the use of NAT so that the user can access the remote resources using IP address in different subnet

Cheers,
Graham
2099
0 Kudos
SSIMON
New Contributor
In response to gfleming

Created on ‎11-04-2022 01:09 AM

Yes I totally agree with you, but sometimes we inherit an uncomfortable situation. The workload is not the same by forcing the vpn to go in one direction or changing the company's network address ;) Thank you for these details, they will have been precise to me.

Thks

2088
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.