VPN IP address issue

Possible issue in the future if we get the client...

Both sites have same internal IP address 192.168.10/24 network
(who'd a thought) and these two sites will be connected
through a hardware VPN.

I am not the networking genius but I was trying to figure out a way
to NOT re-number either site because both sites have > 80 devices.

I am looking for pitfalls in putting two NIC's in a W2K3 standard
Terminal Server at the client site. This will be in a workgroup.

One NIC will use 192.168.10.5 for internal users and the
other NIC will use 10.2.4.5 for the VPN connection.

Does this sound feasible?

moncho

Add another NIC won't fix the problem. However, you may have two options, modifying the routing table and IPSec. The following are my collections,
Resolution for VPN server and client using the same IP range Resolution for VPN server and client using the same IP range. Q1: if both (VPN Client and server) locations have same ip eg: 192.168.1.0/ , we can't change ...
www.chicagotech.net/Q&A/vpn49.htm


Both VPN sites are in the same IP range VPN server and client are using the same IP but in different subnets · VPN Browsing Issues · VPN Logon Issues · VPN Name Resolution · VPN as Router ...
www.chicagotech.net/Q&A/vpn20.htm


VPN client receives the same ip of the server Q: The VPN client receives the same IP of the VPN server. I am using MS VPN Server on an XP Pro Node that is set to use DHCP Server to assign Incoming ...
www.chicagotech.net/Q&A/vpn30.htm



Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"moncho" <(E-Mail Removed)> wrote in message news:96Upf.37039$q%.(E-Mail Removed) om...
Possible issue in the future if we get the client...

Both sites have same internal IP address 192.168.10/24 network
(who'd a thought) and these two sites will be connected
through a hardware VPN.

I am not the networking genius but I was trying to figure out a way
to NOT re-number either site because both sites have > 80 devices.

I am looking for pitfalls in putting two NIC's in a W2K3 standard
Terminal Server at the client site. This will be in a workgroup.

One NIC will use 192.168.10.5 for internal users and the
other NIC will use 10.2.4.5 for the VPN connection.

Does this sound feasible?

moncho

Thanks for you suggestions, I took a look at the websites and saved
them for future reference. I will check with our networking company to
discover
a way.

I am just wondering why two nic's would not work?

What if I pointed the BroadBand/VPN connection to the
10.2.4.0/24 network only and not allow any of the internal
clients Internet access (they would be considered on another network)?

TIA

moncho
"Robert L [MS-MVP]" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
Add another NIC won't fix the problem. However, you may have two options,
modifying the routing table and IPSec. The following are my collections,
Resolution for VPN server and client using the same IP range Resolution for
VPN server and client using the same IP range. Q1: if both (VPN Client and
server) locations have same ip eg: 192.168.1.0/ , we can't change ...
www.chicagotech.net/Q&A/vpn49.htm


Both VPN sites are in the same IP range VPN server and client are using the
same IP but in different subnets · VPN Browsing Issues · VPN Logon Issues ·
VPN Name Resolution · VPN as Router ...
www.chicagotech.net/Q&A/vpn20.htm


VPN client receives the same ip of the server Q: The VPN client receives the
same IP of the VPN server. I am using MS VPN Server on an XP Pro Node that
is set to use DHCP Server to assign Incoming ...
www.chicagotech.net/Q&A/vpn30.htm



Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"moncho" <(E-Mail Removed)> wrote in message
news:96Upf.37039$q%.(E-Mail Removed) om...
Possible issue in the future if we get the client...

Both sites have same internal IP address 192.168.10/24 network
(who'd a thought) and these two sites will be connected
through a hardware VPN.

I am not the networking genius but I was trying to figure out a way
to NOT re-number either site because both sites have > 80 devices.

I am looking for pitfalls in putting two NIC's in a W2K3 standard
Terminal Server at the client site. This will be in a workgroup.

One NIC will use 192.168.10.5 for internal users and the
other NIC will use 10.2.4.5 for the VPN connection.

Does this sound feasible?

moncho

Hi,

moncho wrote:
> I am just wondering why two nic's would not work?

The approach you suggest may be feasible if you only need the VPN tunnel for
exclusive communication between two servers. In that case, you probably
don't even need a second physical NIC -- you only need two addresses from a
different block, for the two tunnel endpoints. Each side can address the
other using opposite tunnel endpoint.

However, if you want to fully connect the two networks, where any machine on
either network could potentially talk to any machine on its local or remote
networks, you will have a routing problem. What you would normally do is
create a routing table entry designating the remote tunnel endpoint as the
gateway for packets destined to the remote network. Unfortunately, if the
remote network is the same as the local network, this is obviously not going
to work.

Certain esoteric designs, like many-to-many NAT on both ends of the tunnel,
theorethically could help, but that would be a lot more complicated than
renumbering and may not be possible on what you have available to work with.


--
Chris Priede

"Chris Priede" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi,
>
> moncho wrote:
>> I am just wondering why two nic's would not work?
>
> The approach you suggest may be feasible if you only need the VPN tunnel
> for exclusive communication between two servers. In that case, you
> probably don't even need a second physical NIC -- you only need two
> addresses from a different block, for the two tunnel endpoints. Each side
> can address the other using opposite tunnel endpoint.
>
> However, if you want to fully connect the two networks, where any machine
> on either network could potentially talk to any machine on its local or
> remote networks, you will have a routing problem. What you would normally
> do is create a routing table entry designating the remote tunnel endpoint
> as the gateway for packets destined to the remote network. Unfortunately,
> if the remote network is the same as the local network, this is obviously
> not going to work.
>
> Certain esoteric designs, like many-to-many NAT on both ends of the
> tunnel, theorethically could help, but that would be a lot more
> complicated than renumbering and may not be possible on what you have
> available to work with.
>

Thank you for the explanation. This puts alot into perspective.

I only need what you stated in your first paragraph. One machine
on our end to connect through the VPN to the server at their site.

Thanks again,

moncho