I have a Cisco RV110W small office router (this configuration process is common to many Linksys/Cisco routers) and I am trying to define QuickVPN clients. When add a client of type "QuickVPN" the router gives me the following warning:
(You can find a larger version of the screenshot here
"WARNING: In order to ensure proper functionality, the router will need to change its IP address to 10.x.x.1 to avoid conflicts with the remote network. You will need to reboot all PCs and network devices connected to the router. If you have set static IP addresses on any device or if you are using port forwarding, you will need to update its IP address to the new IP range to operate properly. Would you like to continue?"
My internal subnet is 192.168.1.0/255.255.255.0. I don't understand the warning message since a 10.x.x.1 network can just as easily conflict with a remote network as a 192.168.1.x network can.
How shoud I proceed?
Best Answer
According to Cisco support, QuickVPN connections to this device require that the inside interface of the router be set to a 10.x.x.1 address. Assuming that your LAN isn't 10.x.x.1 this would mean a readdressing of all devices, DNS changes, etc. Ridiculous. They said this was because most of the networks where the QuickVPN clients come from will be 192.168.x.x, so this would conflict. I said that 10.x.x.1 would conflict as well in the case that the remote user was on a 10.x.x.1 and was told that the 10.x.x.1 range was picked because it's used less frequently than 192.168.x.x. So to prevent an conflict between the remote and central networks, the device was hard coded with this requirement.
I'm used to Cisco VPNs where the VPN gets one or more unique subnets and NAT does all the magic. I don't understand QuickVPN connections well enough to know how the implementation is different.
These restrictions apply to PPTP VPNs as well.