VPN problem! remote net using same ip range?

  • Thread starter Thread starter djc
  • Start date Start date
D

djc

I had a user call with problems working remotely. They connect and login via
VPN with no problem but Outlook 2000 is unable to communicate with the
exchange 2000 server? (exchange server unavailable message). I noticed that
the remote network (a hotel) has assigned the remote computer an address
that is in the same range as our own internal network? BUT the remote client
IS able to ping the exchange server both by name and IP. Could the remote
network using the same IP config as our own internal network cause problems?
How does the machine know what adapter to use when trying to communicate
with our internal network?

any info on this would be greatly appreciated... I'm not sure how to
proceed. NOTE: client is using xp sp2 but the problem occurs even with the
firewall OFF.
 
posting the result of ipconfig /all here may help.

--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
Networking Solutions, http://www.chicagotech.net/networksolutions.htm
VPN Solutions, http://www.chicagotech.net/vpnsolutions.htm
VPN Process and Error Analysis, http://www.chicagotech.net/VPN process.htm
VPN Troubleshooting, http://www.chicagotech.net/vpn.htm
This posting is provided "AS IS" with no warranties.
 
user is unavailable at the moment.. will post when I can. Any general bytes
of wisdom just based on knowing both remote and local network are using the
same private IP range? I'm at a loss right now and unfortunately, at least
at the moment, I cannot re-create the scenario to start pounding on it
myself. So i'm trying to get as much info on the subject as I can now so I
can hopefully make it work later when the user calls back.

thanks for the reply and I will post the ipconfig /all output here when I
can... any info in the meantime is appreciated as well.

thanks again.
 
Theoretically, that will not work if both remote LAN and local LAN have the
same ip range. what you can try is modifying the routing table to force the
VPN client talk to the email server directly.

--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
Networking Solutions, http://www.chicagotech.net/networksolutions.htm
VPN Solutions, http://www.chicagotech.net/vpnsolutions.htm
VPN Process and Error Analysis, http://www.chicagotech.net/VPN process.htm
VPN Troubleshooting, http://www.chicagotech.net/vpn.htm
This posting is provided "AS IS" with no warranties.
 
could this situation also pose a security risk since a users vpn adapter
will have an ip that is accessible by all on that local lan then?
 
maybe if the ip routing is enabled.

--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
Networking Solutions, http://www.chicagotech.net/networksolutions.htm
VPN Solutions, http://www.chicagotech.net/vpnsolutions.htm
VPN Process and Error Analysis, http://www.chicagotech.net/VPN process.htm
VPN Troubleshooting, http://www.chicagotech.net/vpn.htm
This posting is provided "AS IS" with no warranties.
 
It isn't really a security problem, because nothing will ever cross the
link. If the local IP subnet is the same as the remote subnet, nothing will
ever get to the VPN interface. If there is data to be sent to a machine in
the same IP subnet, TCP/IP will try to deliver it locally, using the LAN NIC
and hardware addressing. It will not try to route it.
 
Bill,

Thank you for the input. However, what we are talking about is after
modifying the routing. The following example shows that pathping 10.0.0.3
goes to 10.0.0.3 directly. After modifying the routing, it passes through
10.0.100.2 and then goes to 10.0.0.3.

C:\Documents and Settings\blin>pathping 10.0.0.3

Tracing route to mail.chicagotech.net [10.0.0.3]
over a maximum of 30 hops:
0 attbi1073 [10.0.0.25]
1 mail.chicagotech.net [10.0.0.3]

C:\Documents and Settings\blin>route add 10.0.0.3 mask 255.255.255.255
10.0.100.2

C:\Documents and Settings\blin>pathping 10.0.0.3

Tracing route to mail.chicagotech.net [10.0.0.3]
over a maximum of 30 hops:
0 attbi1073 [10.0.0.25]
1 10.0.100.2
2 mail.chicagotech.net [10.0.0.3]

--
For more and other information, go to http://www.ChicagoTech.net

Don't send e-mail or reply to me except you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
Networking Solutions, http://www.chicagotech.net/networksolutions.htm
VPN Solutions, http://www.chicagotech.net/vpnsolutions.htm
VPN Process and Error Analysis, http://www.chicagotech.net/VPN process.htm
VPN Troubleshooting, http://www.chicagotech.net/vpn.htm
This posting is provided "AS IS" with no warranties.
 
Back
Top