VPN Configuration Guide. Dealing with Identical Local and Remote Network Addresses




equinux AG and equinux USA, Inc. 2009 equinux USA, Inc. All rights reserved. Under the copyright laws, this manual may not be copied, in whole or in part, without the written consent of equinux AG or equinux USA, Inc. Your rights to the software are governed by the accompanying software license agreement. The equinux logo is a trademark of equinux AG and equinux USA, Inc., registered in the U.S. and other countries. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies. equinux shall have absolutely no liability for any direct or indirect, special or other consequential damages in connection with the use of the quick setup guide or any change to the router generally, including without limitation, any lost profits, business, or data, even if equinux has been advised of the possibility of such damages. Every effort has been made to ensure that the information in this manual is accurate. equinux is not responsible for printing or clerical errors. Created using Apple Pages. www.equinux.com

Introduction

The flexibility of VPN Tracker 6 allows your Mac to connect to a great many different VPN gateways with ease. Whether connecting to your home office or to a multinational corporate network, VPN Tracker connects you, regardless of where you are in the world.

However, in some situations, the configuration of the local network may conflict with your VPN. This guide shows you how to recognize the problem, and how to resolve it.

Recognizing the Problem

If you cannot connect to your VPN, VPN Tracker's log will show you where the problem is. If you see the message "Identical Network Addresses" there, then this guide is for you.

This guide is split into two parts:

- The first part shows you how to resolve the conflict between the local and remote networks, and get connected to any VPN gateway.
- The second part shows another method of working around this conflict, specifically for SonicWALL VPN gateways. Other VPN gateways may have similar means of configuration, so if you're the administrator of a different VPN gateway, you might still want to take a look to see whether you can transfer some of this to your own VPN gateway.

Getting Connected

Why have you received this error message?

There are three possible reasons why you are receiving this error message:

1. The local network you are connecting from is using the same network address as your remote VPN network.
   Example: Your home network is using the same network address (e.g. 192.168.1.0/24 [1]) as the remote network to which you are connecting. Since private networks are not unique worldwide, and many routers come with the same network set by default, this can easily happen.
   Solution: Either change the network address used by your local network, or change the remote network (see "Changing the Local or Remote Network" for a more detailed discussion).

2. You are physically connected to the remote network to which you are trying to connect, and therefore don't need the VPN connection.
   Example: You are connecting to your office network through VPN while at the office.
   Solution: Find another Internet connection to test (e.g. at home, at an Internet café, ...).

3. A virtual or unused network configured on your Mac is using the same network address as your VPN's network.
   Example: The virtual network interfaces installed by Parallels or VMware are using the same network address as your VPN's remote network. This poses a conflict, even though you may not actually be running your virtualization software at this moment.
   Solution: Change the network address used by your virtualization software's virtual network interfaces.

Why is this an issue?

As a VPN client, VPN Tracker 6 must decide what data should go over the VPN connection to your remote network and what data is to stay on your local network. For example, your VPN connection may be set up to retrieve your work email and access your company's intranet website, but not to carry personal web surfing over the remote network at your office. VPN Tracker must use the pre-defined network addresses to make these decisions for you.

An issue arises if your local network address is the same as your remote network address, because VPN Tracker cannot determine what data is to go over the remote network and what is to stay on your local network. In order to ensure your Mac is not cut off from services at your current location, VPN Tracker does not connect to the remote network.

[1] Depending on your router, this may instead be written as 192.168.1.0 / 255.255.255.0
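The check behind this error can be reproduced before travelling or before rolling out a VPN. The following is an added example, not VPN Tracker's own code: it accepts both network notations mentioned above and flags every local interface, including idle virtual ones, whose network overlaps the VPN's remote network. It goes slightly beyond the identical-address case by also catching partial overlaps; the interface names and addresses are constructed.

```python
import ipaddress

def parse_network(text):
    """Accept '192.168.1.0/24' as well as '192.168.1.0 / 255.255.255.0'."""
    addr, _, mask = text.partition("/")
    spec = f"{addr.strip()}/{mask.strip()}" if mask.strip() else addr.strip()
    # strict=False lets a host address such as 192.168.1.23/24 stand for its network
    return ipaddress.ip_network(spec, strict=False)

def find_conflicts(local_interfaces, remote_network):
    """Return (interface, network) pairs that overlap the VPN remote network."""
    remote = parse_network(remote_network)
    conflicts = []
    for name, net_text in local_interfaces.items():
        local = parse_network(net_text)
        if local.version == remote.version and local.overlaps(remote):
            conflicts.append((name, str(local)))
    return conflicts

# Constructed sample: one physical interface and two idle virtual interfaces.
SAMPLE_INTERFACES = {
    "en0 (Wi-Fi)": "192.168.1.23/24",
    "vmnet8 (virtual, idle)": "172.16.50.1 / 255.255.255.0",
    "vnic0 (virtual, idle)": "10.211.55.2/24",
}

if __name__ == "__main__":
    for remote in ("192.168.1.0/24", "172.16.0.0/12", "192.168.99.0/24"):
        hits = find_conflicts(SAMPLE_INTERFACES, remote)
        print(remote, "->", hits or "no conflict")
```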

Changing the Local or Remote Network

Which network should I change?

- If the problem occurs from multiple locations or for multiple users, change the remote network.
- If the problem occurs for one user connecting from a specific location, and you (or the user) have configuration access to the local router at this location, change the local network.

How to change the remote network:

- Change the conflicting local network on the VPN gateway (usually the LAN network). If you are not using DHCP at this site, also change the network settings of all attached devices to the new network.
- Change the Remote Network (Basic > Remote Network(s) in VPN Tracker).

How to change the local network:

- Log into your local router using your web browser (e.g. http://192.168.1.1).
- Access the local network settings (LAN settings, or WLAN settings if you're using a wireless network).
- Change the network address from the current one (e.g. 192.168.1.0/24) to a new address (e.g. 192.168.77.0/24).
- If you are not using DHCP, you will also need to change the network settings on every computer on the local network to the new settings.

You should now be able to successfully connect to your remote VPN network using VPN Tracker.

Alternative Configuration for SonicWALL: Virtual Remote Network

Introduction

With a SonicWALL VPN gateway it is possible to create an additional "fake" remote network which will act and look like a real network to your VPN clients, but in fact will simply hand over all traffic to your actual remote network. The aim is to allow VPN clients which are on a network with an identical network address to connect, even if changing the local or remote network address is not possible.

Example: You are at a client's office and you cannot change their local network address. Changing the remote network (i.e. the SonicWALL's LAN) is also not feasible.

Solution: By creating a fake LAN network, you will be able to connect to a different remote network from VPN Tracker's perspective, while in reality you will still be talking to the original remote network.

Configuring the SonicWALL

To start configuring your SonicWALL VPN gateway, log into the admin panel via your web browser. Once you have access to your admin panel, follow these steps to get your fake network address range up and running. Make sure to have a current backup of your SonicWALL's settings before proceeding.

Step 1: Create the fake LAN

Note: If the conflicting network is not the LAN, but another network you are connecting to through VPN (e.g. DMZ), please adapt these instructions to your specific situation.

Go to Network > Address Objects and add a new object:

- Name: Fake LAN
- Zone: LAN
- Network: 192.168.99.0 (or any other private subnet that is not used anywhere on the SonicWALL, and is not used anywhere VPN clients connect from)
- Netmask: 255.255.255.0

If you do not yet have a network address object for your SonicWALL's actual LAN, please create one at this point as well.

Step 2: Granting Access

Your VPN users will need to have access to both networks.

If you authenticate your users using XAUTH:

- Go to Users > Local Users.
- Add the Fake LAN address object to each user's VPN Access list.
- For LDAP/RADIUS users, add it to the LDAP/RADIUS user group's VPN Access list.

If you are not using XAUTH:

- Go to the Advanced tab of the GroupVPN Policy.
- Since you can only select one address object there, you will first need to create an address object group that contains both your actual LAN network and the fake LAN network.

Step 3: Create a NAT policy

In order for everything to work, you will need to create a NAT policy so that traffic to the fake LAN is correctly directed to the actual LAN. Be careful when creating NAT policies: you can very easily lock yourself out that way!

- Source: Any
- Translated Source: Original
- Original Destination: Select the address object created for your fake LAN
- Translated Destination: Select the address object representing your actual LAN
- Original Service: Any
- Translated Service: Original
- Inbound Interface: Any
- Outbound Interface: Any
- Check the box to enable the NAT policy
- Do not create a reflexive policy

Configuring VPN Tracker

VPN Tracker users who have a network address conflict can now use the fake LAN instead of the actual LAN network in their Remote Network(s) setting. To connect to a host in the remote network, they will need to use the mapped IP address from the fake network.

Example

Alice wants to connect to her work VPN. The wireless network 192.168.1.0/24 at the hotel where she frequently stays on business trips conflicts with the remote network 192.168.1.0/24 of her VPN (the SonicWALL's LAN). She needs to access the file server at 192.168.1.10 and a mail server at 192.168.1.19 through the VPN.

Since the infrastructure at the SonicWALL's site can't easily be changed, the admin decides to create a fake LAN for her. The fake LAN the admin uses is 192.168.99.0/24.

After making the changes on the SonicWALL, the following changes need to happen on Alice's Mac:

- The VPN's remote network needs to be changed to 192.168.99.0/24.
- Alice needs to use new IP addresses to connect to the email and file servers:
  - 192.168.99.10 (instead of 192.168.1.10)
  - 192.168.99.19 (instead of 192.168.1.19)

Users who do not have network conflicts can continue to use the actual LAN network as the remote network address (192.168.1.0/24), and connect as usual.

Using Remote DNS to Simplify Configuration

If you operate an internal DNS server, it will be helpful for your users if you set up a second internal DNS server that returns the IPs from the new fake LAN instead of their actual IPs. Enter this server as the Remote DNS Server in VPN Tracker. Your users can then continue to use their well-known host names, and won't even notice that these addresses now resolve to IP addresses from the fake LAN.
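The address mapping from Alice's example and the table for the second DNS server can be generated rather than typed by hand. This is an added example, not part of the original guide or of any SonicWALL tooling: it picks a fake LAN that overlaps no network already in use and maps each host to the same host offset in the fake LAN. It assumes both networks use the same netmask, as in the guide; the host names, candidate subnets and in-use list are constructed.

```python
import ipaddress

def pick_fake_lan(candidates, networks_in_use):
    """Return the first candidate subnet that overlaps no network already in use."""
    used = [ipaddress.ip_network(n) for n in networks_in_use]
    for cand in candidates:
        net = ipaddress.ip_network(cand)
        if not any(net.overlaps(u) for u in used):
            return net
    raise ValueError("every candidate overlaps a network in use")

def to_fake(host, actual_lan, fake_lan):
    """Map a host in the actual LAN to the same host offset in the fake LAN."""
    actual = ipaddress.ip_network(actual_lan)
    fake = ipaddress.ip_network(fake_lan)
    if actual.prefixlen != fake.prefixlen:
        raise ValueError("assumption: both networks use the same netmask")
    ip = ipaddress.ip_address(host)
    if ip not in actual:
        raise ValueError(f"{ip} is not in {actual}")
    return fake.network_address + (int(ip) - int(actual.network_address))

def fake_dns_records(hosts, actual_lan, fake_lan):
    """Build the name -> fake-LAN address table for the second internal DNS server."""
    return {name: str(to_fake(ip, actual_lan, fake_lan)) for name, ip in hosts.items()}

# Addresses are the guide's example; host names and the in-use list are constructed.
ACTUAL_LAN = "192.168.1.0/24"
IN_USE = [ACTUAL_LAN, "192.168.0.0/24", "10.0.0.0/8"]
CANDIDATES = ["10.0.99.0/24", "192.168.1.0/24", "192.168.99.0/24"]
HOSTS = {"files.example.internal": "192.168.1.10",
         "mail.example.internal": "192.168.1.19"}

if __name__ == "__main__":
    fake_lan = pick_fake_lan(CANDIDATES, IN_USE)
    print("fake LAN:", fake_lan)
    for name, ip in fake_dns_records(HOSTS, ACTUAL_LAN, str(fake_lan)).items():
        print(f"{name} -> {ip}")
```

The in-use list should include every network configured on the gateway and every network VPN clients are known to connect from, matching the condition given for the Fake LAN address object in Step 1.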