chethan
Contributor

FortiGate SSL-VPN

Hello Everyone,

 

What happens if your office private network is [for example] configured with the 192.168.0.0/24 subnet (gateway 192.168.0.1) and the home private network of a remote user who is connecting to SSL-VPN (Tunnel Mode) using FortiClient VPN is also in the 192.168.0.0/24 subnet (gateway 192.168.0.1)?

 

 - Will this create any issue or any confusion?

 - Scenario: The file server IP address at the office is 192.168.0.100 and the remote user's home network contains a device with the IP address 192.168.0.100. Where will the request go?

 - Should you configure different networks?

 

Thank You 

 

Chethan
NSE 4
TecnetRuss
Contributor

It will create a lot of problems with the VPN client connectivity, especially if you are trying to use split-tunneling and there are resources on both sides of the VPN tunnel that have conflicting IP addresses.  That's why as a general rule I always recommend customers use 10.0.0.0/8 or 172.16.0.0/12 private IP addresses for corporate LANs.  If you have to use 192.168.0.0/16 on the corporate LAN, at least avoid using the 192.168.0.0/24 or 192.168.1.0/24 subnets most commonly used on home networks.

 

I'd strongly recommend you change your corporate LAN subnet(s) if possible.  It's worth the effort and will save you a lot of grief in the long run.

 

Russ

NSE7
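
The conflict described in this thread can be checked before rollout. The following is an added example, not part of the original posts and not Fortinet code: it tests planned corporate subnets against the home defaults named above and models, in simplified form, why 192.168.0.100 becomes ambiguous on the client. The route labels and the 10.20.30.0/24 subnet are hypothetical.

```python
import ipaddress

# Constructed sample data. The two /24s are the home-network defaults
# named in the reply above.
COMMON_HOME_SUBNETS = ["192.168.0.0/24", "192.168.1.0/24"]

def find_overlaps(corp_subnets, client_subnets=COMMON_HOME_SUBNETS):
    """Return (corporate, client) subnet pairs whose ranges overlap."""
    hits = []
    for corp in map(ipaddress.ip_network, corp_subnets):
        for home in map(ipaddress.ip_network, client_subnets):
            if corp.overlaps(home):
                hits.append((str(corp), str(home)))
    return hits

def candidate_routes(dest, routes):
    """Simplified model of a client route lookup: keep the routes that
    match dest with the longest prefix. More than one result means the
    prefix alone cannot decide and the OS falls back to route metrics."""
    ip = ipaddress.ip_address(dest)
    matching = [(ipaddress.ip_network(p), via) for p, via in routes
                if ip in ipaddress.ip_network(p)]
    if not matching:
        return []
    longest = max(net.prefixlen for net, _ in matching)
    return [via for net, via in matching if net.prefixlen == longest]

if __name__ == "__main__":
    # Scenario from the question: office and home both use 192.168.0.0/24.
    print(find_overlaps(["192.168.0.0/24"]))
    routes = [("0.0.0.0/0", "home-gateway"),
              ("192.168.0.0/24", "home-lan"),   # directly connected
              ("192.168.0.0/24", "ssl-vpn")]    # split-tunnel route
    print(candidate_routes("192.168.0.100", routes))
    # Same lookup after moving the office to a 10.x subnet (hypothetical).
    routes[2] = ("10.20.30.0/24", "ssl-vpn")
    print(candidate_routes("10.20.30.100", routes))
    # The ranges recommended in the reply do not collide with the defaults.
    print(find_overlaps(["10.0.0.0/8", "172.16.0.0/12"]))
```

Two candidates for 192.168.0.100 means the file server and the home device compete for the same route entry; after renumbering, only the VPN route matches.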

chethan

Thank You for replying, 

 

I ran into this issue today. The connection to the internal server did work when I connected to SSL-VPN from another network; that's why I had to clarify it.

 

Chethan
NSE 4