Bonjour,
Je veux essayer de résoudre les conflits d'ip lorsque je suis sous vpn.
Mes utilisateurs ont besoin de se connecter en rdp à un serveur qui peut avoir la même ip que celui qu'ils ont chez eux.
être explicite ; L'exemple :
le serveur : 192.168.0.66
home ip :
192.168.0.66
Il m'a semblé qu'avec l'option "Enable Split Tunneling" il était possible d'éviter ce conflit.
Mais j'ai fait quelques tests, ça ne marche pas.
J'ai peut-être tort ?
Une idée ?
Merci
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Yes unfortunately overlapping subnets can cause big issues. Ideally we try to avoid using common home network subnets on enterprise-side (things like 192.168.0.X, 192.168.1.X, 192.168.254.X, 10.0.0.X, 10.1.1.X, etc).
VPN Split Tunnel enabling does help to some degree. It can do an OK job in handling overlapping subnets. But overlapping IP addresses will never work.
Best case to solve this:
- Change your IP subnet internally (might be too much work)
- Get home user to change their IP subnet (might be too complicated)
- Consider the use of NAT so that the user can access the remote resources using IP address in different subnet
Hello,
I want to try to solve ip conflicts when i am on vpn.
My users need to connect in rdp to a server which may have the same ip as the one they have at home.
be explicit; The example :
the server: 192.168.0.66
homeip:
192.168.0.66
It seemed to me that with the option "Enable Split Tunneling" it was possible to avoid this conflict.
But I did some tests, it doesn't work.
Maybe I'm wrong?
An idea ?
Thanks
Yes unfortunately overlapping subnets can cause big issues. Ideally we try to avoid using common home network subnets on enterprise-side (things like 192.168.0.X, 192.168.1.X, 192.168.254.X, 10.0.0.X, 10.1.1.X, etc).
VPN Split Tunnel enabling does help to some degree. It can do an OK job in handling overlapping subnets. But overlapping IP addresses will never work.
Best case to solve this:
- Change your IP subnet internally (might be too much work)
- Get home user to change their IP subnet (might be too complicated)
- Consider the use of NAT so that the user can access the remote resources using IP address in different subnet
Yes I totally agree with you, but sometimes we inherit an uncomfortable situation. The workload is not the same by forcing the vpn to go in one direction or changing the company's network address ;) Thank you for these details, they will have been precise to me.
Thks
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1641 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.