Hello Everyone,
What happens if your office private network is [for example] configured with the 192.168.0.0/24 subnet (gateway 192.168.0.1) and the home private network of a remote user who is connecting to SSL-VPN (Tunnel Mode) using FortiClient VPN is also in the 192.168.0.0/24 subnet (gateway 192.168.0.1)?
- Will this create any issue or any confusion?
- Scenario: The file server IP address at the office is 192.168.0.100 and the remote user's home network contains some device with the IP address 192.168.0.100. Where will the request reach?
- Should you configure different networks?
Thank You
It will create a lot of problems with the VPN client connectivity, especially if you are trying to use split-tunneling and there are resources on both sides of the VPN tunnel that have conflicting IP addresses. That's why as a general rule I always recommend customers use 10.0.0.0/8 or 172.16.0.0/12 private IP addresses for corporate LANs. If you have to use 192.168.0.0/16 on the corporate LAN, at least avoid using the 192.168.0.0/24 or 192.168.1.0/24 subnets most commonly used on home networks.
I'd strongly recommend you change your corporate LAN subnet(s) if possible. It's worth the effort and will save you a lot of grief in the long run.
Russ
NSE7
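The conflict described in the reply above, as an added example that is not part of the original thread: a simplified model of the client routing table (only the home LAN's connected route and the routes pushed by the VPN), resolved by longest-prefix match. The function names and sample addresses are assumptions made for illustration.

```python
import ipaddress

# The two home subnets named in the reply above as the most common ones.
COMMON_HOME_LANS = ["192.168.0.0/24", "192.168.1.0/24"]

def route_for(dest, local_lan, vpn_routes):
    """Pick the winning route for dest by longest-prefix match.

    Returns "local" (traffic stays on the home LAN), "vpn" (traffic enters
    the tunnel), "ambiguous" (equal prefix length, so the outcome depends on
    OS route metrics) or "default" (neither route matches).
    """
    ip = ipaddress.ip_address(dest)
    local = ipaddress.ip_network(local_lan)
    local_len = local.prefixlen if ip in local else -1
    vpn_len = max(
        (n.prefixlen for n in map(ipaddress.ip_network, vpn_routes) if ip in n),
        default=-1,
    )
    if local_len == vpn_len:
        return "default" if local_len < 0 else "ambiguous"
    return "local" if local_len > vpn_len else "vpn"

def audit_corporate_subnets(corp_subnets, home_lans=COMMON_HOME_LANS):
    """Return (corporate, home) subnet pairs that overlap."""
    findings = []
    for corp in map(ipaddress.ip_network, corp_subnets):
        for home in map(ipaddress.ip_network, home_lans):
            if corp.overlaps(home):
                findings.append((str(corp), str(home)))
    return findings

if __name__ == "__main__":
    server = "192.168.0.100"  # file server address from the question
    # Same /24 on both sides: the tie is broken by metrics, not by intent.
    print(route_for(server, "192.168.0.0/24", ["192.168.0.0/24"]))
    # Corporate /16 pushed over the VPN, home /24: the more specific home
    # route wins, so the office file server is never reached.
    print(route_for(server, "192.168.0.0/24", ["192.168.0.0/16"]))
    # Corporate LAN in 10.0.0.0/8: no conflict with the home LAN.
    print(route_for("10.1.2.3", "192.168.0.0/24", ["10.0.0.0/8"]))
    print(audit_corporate_subnets(["192.168.0.0/16", "10.0.0.0/8"]))
```

Running `audit_corporate_subnets` over a planned address scheme before deployment flags the subnets that will collide with typical home routers.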
Thank You for replying,
I ran into this issue today. The connection to the internal server did work when I connected to SSL-VPN from another network; that's why I had to clarify it.