We have a SonicWall TZ500 at work and the SSLVPN will not allow me to access any of the work servers remotely after connecting. I'm actually in a situation where the home network is 192.168.1.x same as my office network 192.168.1.x. That is what VPN tunnels are for, taking care of NAT (Network Address Translation) Opens a new window. If you don't get the picture or have any other questions you can ask but needless to say you can use whatever IP range you want and it will never be affected by remote sites. This way, the Maryland Firewall cares less what IP range is behind the remote firewall because it only cares about the gateway at the remote site.
You will see that to each firewall, the remote device takes on it's ISP's public IP address with a port number. I just whipped up a little visio explaining how 4 differnt VPN sites with computers with IP addresses of 192.168.1.100 could all talk to a server with the same IP address in Maryland. So, like said, stay away from typical home user ranges, and it'll take care of the bulk of those issues sure what to tell you except this appears to be a very misunderstood part of our lives. In the above example, if the "pool" is configured as the same network number as a home user, there is indeed a potential for issues. when the home user connects, he gets an address in the 10.0.1.0/24 network and a route to 10.0.0.0/24 via the 10.0.1.0/24 gateway (in OpenVPN's routed setup, each client connection gets a /30 subnetted out from the assigned "pool" - first usable used as the OpenVPN server (and what the client uses as the gateway for the office's network), other usable being the client's VPN IP).
IE the office network is 10.0.0.0/24, the user at home has an internal network of 192.168.0/24, and the vpn network/"pool" is 10.0.1.0/24. In some implementations of SSL VPNs, the clients aren't bridged (on the same network scheme as the office's network), but rather routed. I don't know about sonicwall's implementation, but various replies lead me to believe that it's your general SSL VPN client. 1īest to avoid 192.168 completely except for private (non routed) segments. Technically this can still be overcome but not with split tunneling which most folks want to use.īest practice is to avoid typical home user ranges in a corp environment i.e. What is important is that you do not use 192.168.1.0 in your office environment. As explained by various posts, the fact that many home users use 192.168.1.0 will not matter as actually they appear using their ISP public ip address via NAT.
0 kommentar(er)
