VPN IPsec connection with same subnet
Hello, can you please help me with this:
The HQ office FortiGate internal IP is 192.168.2.1/255.255.255.0.
The outside FortiClient (Windows OS) has an IP in the same subnet: 192.168.2.22, gateway (DSL modem) IP: 192.168.2.1.
FortiClient can establish the IPsec VPN connection but is unable to ping any IP at the HQ office.
What is the best and quickest solution without changing the client's DSL IP settings?
Thanks
You should try to set up DHCP for your IPsec clients and assign an unused IP range like 10.200.199.x/24.
Although 192.168.[0-2].x/24 is a particularly unwise choice for a network address space, collisions like this can theoretically always happen. For this reason a mechanism was devised to let the HQ choose the client IP address, DHCP over IPsec. The HQ FGT will create a host route dynamically on dial-in.
Yeah, you can have them pull from a pool on connection.
You are going to want to use full tunnel to help alleviate the issue as well. Otherwise, you are looking at NAT etc.
Mike Pruett
My IPsec clients get IP addresses like 192.168.222.100-200, which do not conflict with 192.168.2.x.
I solved my problem by manually deleting the 192.168.2.0 route on the clients after connecting the IPsec VPN.
Is there any option in FortiClient to do that automatically, and to restore the routing table after disconnecting IPsec?
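An added example, not part of any post in this thread and not Fortinet code: a small Python model of client-side route selection showing why traffic for the HQ 192.168.2.0/24 network stays on the local DSL LAN, and why removing the local route sends it into the tunnel. The interface labels, the metrics and the host 192.168.2.10 are assumed values chosen for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    network: ipaddress.IPv4Network
    interface: str   # assumed labels: "lan" (DSL side), "vpn" (IPsec tunnel)
    metric: int      # assumed metrics; real values depend on the client OS

def route(cidr: str, interface: str, metric: int) -> Route:
    return Route(ipaddress.ip_network(cidr), interface, metric)

def select_route(table: list[Route], dest: str) -> Optional[Route]:
    """Longest prefix wins; on equal prefix length the lowest metric wins."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in table if addr in r.network]
    return min(matches, key=lambda r: (-r.network.prefixlen, r.metric), default=None)

def shadowed_routes(table: list[Route], tunnel_if: str = "vpn") -> list[Route]:
    """Tunnel routes that lose to an equal-or-more-specific non-tunnel route."""
    shadowed = []
    for t in (r for r in table if r.interface == tunnel_if):
        for o in (r for r in table if r.interface != tunnel_if):
            wins = o.network.prefixlen > t.network.prefixlen or o.metric <= t.metric
            if o.network.subnet_of(t.network) and wins:
                shadowed.append(t)
                break
    return shadowed

def without_route(table: list[Route], cidr: str, interface: str) -> list[Route]:
    """Model of deleting one route by hand after the tunnel comes up."""
    net = ipaddress.ip_network(cidr)
    return [r for r in table if not (r.network == net and r.interface == interface)]

# Constructed routing table for the client described in the thread.
CLIENT_TABLE = [
    route("0.0.0.0/0", "lan", 25),         # default route via the DSL modem
    route("192.168.2.0/24", "lan", 25),    # on-link DSL LAN, same range as HQ
    route("192.168.222.0/24", "vpn", 1),   # address pool handed to VPN clients
    route("192.168.2.0/24", "vpn", 30),    # HQ internal network via the tunnel
]

if __name__ == "__main__":
    fixed = without_route(CLIENT_TABLE, "192.168.2.0/24", "lan")
    for label, table in (("before", CLIENT_TABLE), ("after", fixed)):
        chosen = select_route(table, "192.168.2.10")  # constructed HQ host
        hidden = [str(r.network) for r in shadowed_routes(table)]
        print(f"{label}: 192.168.2.10 -> {chosen.interface}, shadowed={hidden}")
```
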
When I disconnect from FortiClient it removes any added routes from my system. It doesn't always do it cleanly but it certainly tries.
Mike Pruett
Hello, I have the same situation. FG-60E with FortiOS 5.6.4. Is there another easy option to resolve this problem? Or must I change the IP of the HQ office?