
Host A, located in Virginia, connecting to TZ-215 L2TP VPN (WAN GroupVPN) server. Local IP: 192.168.1.2. Connecting using a unique local account set up on TZ-215.

Host B, located in Pennsylvania, connecting to same TZ-215 L2TP VPN (WAN GroupVPN) server. Local IP: 192.168.1.2. Connecting using a unique local account set up on TZ-215.

Whenever these users connect to the VPN on their own, they're able to connect, and able to view and interact with our network without issue.

Example Problem:

Host A is connected to the VPN. They're utilizing a network resource with no problems. Host B connects to the VPN. Host A is disconnected. The only commonality between these users at that time is that they both have the same Local IP address: 192.168.1.2.

Any ideas?

jcoughlin

1 Answer


Does the VPN have a DHCP scope that doesn't intersect with the LAN? Clearly, they can't have the same IP address on the LAN extension (VPN). Presumably they are getting an IP address from the VPN gateway, and they both also just happen to have the same local IP addresses on their home networks. If that's the case, I would look at what the VPN is doing: if it is NATing client local addresses to a single IP address, then this will poison the ARP cache. You can look with arp -a to see the cache on the VPN gateway. If the VPN has a DHCP scope, then I would check that none of the clients have a static IP set on their VPN client and that there are no DHCP reservations.

Sum1sAdmin
  • The DHCP scope of the L2TP server is different than both the networks that people are remoting in from, and the local network. I'll definitely look at the NAT rules though, I do recall there's a transform to a local IP. This actually sounds pretty promising. Thanks!! – jcoughlin Apr 11 '16 at 14:57
  • I replied without taking a second to think. Users without the same IP don't seem to have any trouble, but I may have just been running into a random commonality since most home DHCP addresses are usually something between 192.168.1.2-10, which is why we occasionally have people connecting with the same local IP. – jcoughlin Apr 11 '16 at 15:08
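
One way to carry out the ARP-cache check suggested in the answer, as an added example that is not part of the original thread: save `arp -a` output before and after the second client connects and diff the two snapshots. The addresses, MACs and function names below are constructed for illustration, and the parser assumes the Linux/BSD or Windows `arp -a` layout.

```python
import re

# Matches both common `arp -a` layouts:
#   Linux/BSD: "? (10.10.10.50) at 02:00:00:aa:00:10 [ether] on eth0"
#   Windows:   "  10.10.10.50           02-00-00-aa-00-10     dynamic"
_IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
_MAC = r"((?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})"
_ENTRY = re.compile(_IP + r"\)?\s+(?:at\s+)?" + _MAC)

def parse_arp(text):
    """Return {ip: mac} from `arp -a` output, MACs normalised to aa:bb:.. form."""
    table = {}
    for line in text.splitlines():
        m = _ENTRY.search(line)  # headers and <incomplete> entries do not match
        if m:
            table[m.group(1)] = m.group(2).lower().replace("-", ":")
    return table

def diff_snapshots(before, after):
    """Compare two snapshots; return (changed, added, removed) dictionaries."""
    a, b = parse_arp(before), parse_arp(after)
    changed = {ip: (a[ip], b[ip]) for ip in a.keys() & b.keys() if a[ip] != b[ip]}
    added = {ip: b[ip] for ip in b.keys() - a.keys()}
    removed = {ip: a[ip] for ip in a.keys() - b.keys()}
    return changed, added, removed

# Constructed sample: snapshot with one VPN client connected ...
BEFORE = """\
? (10.10.10.1) at 02:00:00:aa:00:01 [ether] on eth0
? (10.10.10.50) at 02:00:00:aa:00:10 [ether] on eth0
"""
# ... and after a second client connects (Windows layout, to show both parse).
AFTER = """\
Interface: 10.10.10.1 --- 0xb
  Internet Address      Physical Address      Type
  10.10.10.1            02-00-00-AA-00-01     dynamic
  10.10.10.50           02-00-00-AA-00-20     dynamic
  10.10.10.51           02-00-00-AA-00-20     dynamic
"""

if __name__ == "__main__":
    changed, added, removed = diff_snapshots(BEFORE, AFTER)
    for ip, (old, new) in sorted(changed.items()):
        print(f"{ip}: MAC changed {old} -> {new}")  # binding was overwritten
    for ip, mac in sorted(added.items()):
        print(f"{ip}: new entry {mac}")
    for ip, mac in sorted(removed.items()):
        print(f"{ip}: entry gone (was {mac})")
```

An IP whose MAC changes, or an entry that disappears, at the moment the second client connects is the binding to investigate on the gateway.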