Same subnet possible on either side of a VPN tunnel?

VPN Subnet Translation

Financial information and other "stuff"? It's a common problem with remote VPN connections or site-to-site VPN setups. But you still can run into an issue where the server you're talking to says hey Routing is based on subnets. Home users normally have much easier to change their side to say


Work VPN and Home LAN on the same subnet

I use split tunneling so that Internet and VPN traffic are separate anyway. I use my laptop primarily for VPN work although my desktop computer has the same connection one hardware VPN router and one subnet. It has been hooked up this way for years, is very secure, and has never been transgressed by anyone.

If you put the work machine on a different subnet how is it going to see the local resources such as a server? Split tunneling as John suggested allows you to access corporate resources as needed and the balance of traffic, LAN and Internet is routed through your local network. The 1 concern with VPNs is you have a very secure tunnel, but wide open to all traffic between a corporate network and a PC over which it has no control.

Personally I prefer remote desktop which only exchanges screen refreshes. That was what the static routes were for I know mountain out of a mole hill but me being stupid still smarts right now. The static route on its own will do nothing.

If your router supports multiple subnets and you put that PC on a port defined with a different subnet and assign the new gateway to the PC you could conceivably do so, however once you define the routes, traffic can travel on it the same as the LAN.

You cannot randomly assign a different subnet to a PC. Perhaps I do not fully understand. For the former enable split tunneling, for the latter enable the Windows firewall, but this is all a moot point if the subnets are the same at home and work.

The concern is that they said all of my IP traffic was passing through the VPN through to their servers. I assume that they let that traffic continue on its way. However for this reason I was blocked from seeing my local resources, not because of security reasons as I originally expected. Not for convenience but out of necessity. In order to access your local printer, as you have stated, you will need to "Enable local LAN access if configured" in the AnyConnect client.

When you do so the VPN connection will stop working because of a routing conflict between the local and remote sites. This is due to the local systems not knowing where to send the Routing is based on subnets. Thus the VPN traffic will be kept local and lost. Currently all traffic is routed to the corporate network because the default route for There are only 2 ways to fix this, change your local subnet or change the corporate LAN.

Though I appreciate the former is not a simple task in your case, I suspect the latter is not an option. Once you do so and "Enable local LAN access" only All very secure and separated. As an alternative, with many ISPs you can place a switch between your home router and the modem and add a second router, subnet, and networked PCs. You could use this for your development network and only change its subnet.

Got it thank you. While you will change your local subnet, it may be a good idea to set up everything on it with DHCP. This way, you have a central point for managing all your IP addresses If VPN subnet translation is configured, the translated subnet will automatically be advertised to all remote site-to-site VPN participants. In this example, in order for the web server at This option is ideal for large deployments where IP addresses within the site-to-site VPN must be conserved.

In this example, response traffic from the web server must be sent to the client using a destination IP address of If the web server's traffic is in response to a previously established VPN flow originating from the client, then it will be allowed through the VPN, the destination IP address will be translated back to the original client's, and the traffic will be forwarded to the original client.


You will need to repeat step 3 after each time you connect to the VPN, though the routes in step 4 will persist across reboots. Note, any IPs that you add a static route for in step 4 will not be accessible on the local network. You are correct, when you attach to a VPN, by default it attempts to use the remote gateway for all Internet traffic, which often doesn't work.

This should cause Windows to use your local gateway for traffic not found on the VPN.

I'm not sure how to do this. The Windows 7 PC is in a separate location, but has the same network range I'm guessing that when the VPN connection is made, it tries to become the default gateway. How can I do this without the routing getting confused? To clarify, the issue you're talking about is the VPN subnet
