SSIMON
New Contributor

Resolve IP conflict with FortiGate VPN


Hello,

I want to try to resolve IP conflicts when I am connected to the VPN.
My users need to connect over RDP to a server that may have the same IP as the one they have at home.
To be explicit, the example:
the server: 192.168.0.66
home IP: 192.168.0.66
It seemed to me that the "Enable Split Tunneling" option made it possible to avoid this conflict.

But I ran some tests, and it doesn't work.

Maybe I'm wrong?

Any ideas?

Thanks

1 Solution
gfleming

Yes, unfortunately overlapping subnets can cause big issues. Ideally we try to avoid using common home network subnets on the enterprise side (things like 192.168.0.X, 192.168.1.X, 192.168.254.X, 10.0.0.X, 10.1.1.X, etc.).

Enabling VPN split tunneling does help to some degree. It can do an OK job of handling overlapping subnets. But overlapping IP addresses will never work.

Best case to solve this:

- Change your IP subnet internally (might be too much work)

- Get the home user to change their IP subnet (might be too complicated)

- Consider the use of NAT so that the user can access the remote resources using an IP address in a different subnet

Cheers,
Graham
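
The distinction made in the answer above (overlapping subnets versus an identical address, and why a NAT alias sidesteps both) can be checked with a small routing model. This is an added example, not part of the original thread and not Fortinet code; it models longest-prefix matching only. The function names, the /32 split-tunnel route and the 10.66.0.0/24 alias subnet are assumptions made for illustration.

```python
import ipaddress

def route_for(dest, home_cidr, tunnel_routes):
    """Simplified client routing decision (longest-prefix match only).

    home_cidr: the client's own address on its home LAN, e.g. "192.168.0.66/24".
    tunnel_routes: prefixes the VPN installs when split tunneling is enabled.
    """
    dest = ipaddress.ip_address(dest)
    home = ipaddress.ip_interface(home_cidr)
    if dest == home.ip:
        return "local-host"          # own address: traffic never leaves the PC
    candidates = [(home.network, "home-lan")]
    candidates += [(ipaddress.ip_network(r), "vpn") for r in tunnel_routes]
    matches = [(net.prefixlen, via) for net, via in candidates if dest in net]
    if not matches:
        return "default-gateway"
    best = max(plen for plen, _ in matches)
    winners = {via for plen, via in matches if plen == best}
    # Equal-length prefixes on both sides: the outcome depends on OS metrics.
    return winners.pop() if len(winners) == 1 else "ambiguous"

def nat_alias(real_ip, real_net, alias_net):
    """1:1 NAT mapping: keep the host bits, swap the network bits."""
    real_net = ipaddress.ip_network(real_net)
    alias_net = ipaddress.ip_network(alias_net)
    real_ip = ipaddress.ip_address(real_ip)
    if real_ip not in real_net or real_net.prefixlen != alias_net.prefixlen:
        raise ValueError("real_ip must be in real_net; prefix lengths must match")
    offset = int(real_ip) - int(real_net.network_address)
    return str(alias_net.network_address + offset)

SERVER = "192.168.0.66"                 # server address from the thread
ALIAS_NET = "10.66.0.0/24"              # constructed alias subnet (assumption)

if __name__ == "__main__":
    # Identical address at home and at the office: unreachable.
    print(route_for(SERVER, "192.168.0.66/24", ["192.168.0.0/24"]))
    # Overlapping subnet, different host address, same-length route: ambiguous.
    print(route_for(SERVER, "192.168.0.10/24", ["192.168.0.0/24"]))
    # Overlapping subnet, but the tunnel pushes a more specific /32 route.
    print(route_for(SERVER, "192.168.0.10/24", ["192.168.0.66/32"]))
    # NAT on the VPN gateway: users target the alias address instead.
    alias = nat_alias(SERVER, "192.168.0.0/24", ALIAS_NET)
    print(alias, route_for(alias, "192.168.0.66/24", [ALIAS_NET]))
```
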


3 REPLIES
SSIMON
New Contributor

Hello,

I want to try to solve IP conflicts when I am on VPN.
My users need to connect over RDP to a server which may have the same IP as the one they have at home.
To be explicit, the example:
the server: 192.168.0.66
home IP: 192.168.0.66
It seemed to me that with the option "Enable Split Tunneling" it was possible to avoid this conflict.

But I did some tests, and it doesn't work.

Maybe I'm wrong?

Any idea?

Thanks

SSIMON

Yes, I totally agree with you, but sometimes we inherit an uncomfortable situation. The workload is not the same by forcing the VPN to go in one direction or changing the company's network address ;) Thank you for these details, they will have been precise to me.

Thanks
