VPN IP from internal LAN range

nick_patchett
nick_patchett Posts: 12  Freshman Member
Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate First Comment Fifth Anniversary

I need to setup remote access IPSEC for some users, but I need them to get an IP address on the internal LAN range so it routes traffic correctly down a VPN connection. Is this possible?

Accepted Solution

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,199  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security
    Answer ✓

    Hi @nick_patchett

    As PeterUK mentioned, assigning VPN clients an IP address from your internal LAN range is generally not recommended because it can cause routing issues and IP conflicts. Instead, it's best to use a separate, non-overlapping IP range for your VPN clients.

    If your goal is to allow VPN clients to communicate with devices on your LAN, you can achieve this by configuring appropriate routing rules. This way, traffic can be correctly routed between the VPN and LAN networks without causing conflicts.

    Kay

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

All Replies

  • PeterUK
    PeterUK Posts: 3,458  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited August 15

    If device on a LAN have 192.168.1.0/24 with a gateway then VPN IP with 192.168.50.0/24 can route to them devices on the LAN

    If the clients connecting by VPN have a LAN of 192.168.1.0/24 or 192.168.50.0/24 you will have problem

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,199  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security
    Answer ✓

    Hi @nick_patchett

    As PeterUK mentioned, assigning VPN clients an IP address from your internal LAN range is generally not recommended because it can cause routing issues and IP conflicts. Instead, it's best to use a separate, non-overlapping IP range for your VPN clients.

    If your goal is to allow VPN clients to communicate with devices on your LAN, you can achieve this by configuring appropriate routing rules. This way, traffic can be correctly routed between the VPN and LAN networks without causing conflicts.

    Kay

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community