Identical network address workaround for VPN

[jcneil1]

I use MS ISA server w/RRAS for VPN access to corporate. The mobile users occasionally have problems when the hotel offers LAN connections (NAT) and the hotel network happens to use the same private address as our corporate LAN (also NAT). Of course the user has to use dial-up ISP instead and all works. They want to use the high speed (understandably).

The issue is that our servers (192.168.1.x/24) appear to be local to the laptop in hotel (192.168.1.x/24) so the laptop doesn't feel the need to route thru the VPN. Duh!

Anyone have a workaround?

 

[chicocouk]

Doesn't RRAS supply ips via dhcp when you dial up? So assign them an address on a 172.16.x.x address, then add rules to isa allowing traffic from 172.16.x.x to the 192.168.1.x range and vice versa. I know of hardly anywhere that uses 172.16.x.x as a local range, but it is a private range, often used for transit networks, such as this

CCNA, MCSE, Cisco Firewall specialist, VPN specialist, wannabe CCSP