
Route VPN client remote access to LAN


We are having some trouble with remote access client VPN.
With Office Mode, the client behind the ISP is on the same subnet as the LAN. The VPN connection is OK, but the problem occurs when a device behind the ISP has the same IP address as another device behind the firewall on the LAN. Can someone help us, please? Thank you.


Appliance 4800


LAN >>

Office mode subnet >>

Remote client subnet behind ISP >> Same as LAN

0 Kudos

OfficeMode should solve your issue having the same IP/network on both sides.

First, please check your firewall log for any spoofing entries. If these are logged, try to exclude your OfficeMode network from the address spoofing configuration of your external interface.

Please check that the OfficeMode IP is correctly applied to your remote client. You can check this within the VPN client's connection settings while the VPN tunnel is established and also on the client's cmd via ipconfig.

Check if a Desktop Policy is in place that might prevent specific traffic.

0 Kudos

Thank you Danny Jung,

I tried to exclude the OfficeMode network from the address spoofing configuration of our external interface. We still have the problem.

We don't have a Desktop Policy.
These are the VPN client connection settings:

0 Kudos

We connect with VPN Capsule on Windows 10 and still cannot ping a device in the LAN behind the firewall because there is the same IP address behind the ISP. We tried to connect with Endpoint and it works. Why does this not work with Capsule? Can someone help us, please?

0 Kudos

You are always going to have a bad time if your local client is using an IP address that is also used by the remote VPN.

I had a similar problem years ago when the VPN was preventing me from using my local LAN. 

I ended up writing a batch file to solve the problem, which, with some modifications, may be useful.

Note that this also starts up SecuRemote in CLI mode, which may not work or be relevant anymore.


@REM kill Echo
@echo off
setlocal EnableDelayedExpansion
set SCC="C:\Program Files\CheckPoint\SecuRemote\bin\scc"
%SCC% setmode cli
rem %SCC% disconnect
@REM %1 is the first argument given to this batch file
%SCC% up username %1
%SCC% connect "VPN Profile"
%SCC% status
%SCC% ep
@REM Trying to pull out VPN route and mess with routing table
@REM Did we find the netmask line?
set hitnetmask=0
@REM Let's pull out a route I know will be there:

for /f "tokens=3" %%i in ('route print') do (
    @REM After we found the netmask, the next thing we get is the route we want
    @REM and make sure we get out of dodge
    if !hitnetmask! EQU 1 (
        call :set_nexthop %%i
        GOTO :found_route
    )
    @REM The next line after the "netmask" line is the one we want.
    if "%%i" == "Netmask" (call :set_hitnetmask)
)
@REM end for
@REM No "Netmask" line was seen, so there is nothing to change
goto :eof

:set_hitnetmask
set hitnetmask=1
goto :eof

:set_nexthop
set nexthop=%1
goto :eof

:found_route
echo Nexthop is %nexthop%, deleting/setting the routes appropriately
echo on
@REM The destination/mask arguments of the route commands below are missing from the post
route delete mask %nexthop%
route delete %nexthop%
route delete %nexthop%
route add
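
The address conflict discussed in this thread can be checked for before connecting. The following is an added example, not part of any post above: it compares a client's local networks with the networks reached through the VPN and reports which destinations are ambiguous. All names and subnets are constructed sample values, since the thread does not show the real ones.

```python
import ipaddress

# Constructed sample addressing (private ranges chosen for illustration only;
# the thread does not show the real subnets).
LOCAL_NETS = {"home Wi-Fi": "192.168.1.0/24"}
VPN_NETS = {"office LAN": "192.168.1.0/24", "Office Mode pool": "172.16.10.0/24"}


def find_overlaps(local_nets, vpn_nets):
    """Return (local_name, vpn_name, shared_network) for every overlapping pair."""
    hits = []
    for lname, lcidr in local_nets.items():
        lnet = ipaddress.ip_network(lcidr, strict=False)
        for vname, vcidr in vpn_nets.items():
            vnet = ipaddress.ip_network(vcidr, strict=False)
            if lnet.overlaps(vnet):
                # Two CIDR blocks either nest or are disjoint, so the shared
                # range is the more specific (longer-prefix) one.
                shared = lnet if lnet.prefixlen >= vnet.prefixlen else vnet
                hits.append((lname, vname, shared))
    return hits


def classify(dest, local_nets, vpn_nets):
    """Say whether a destination is local only, VPN only, or in both."""
    ip = ipaddress.ip_address(dest)

    def members(nets):
        return [n for n, c in nets.items()
                if ip in ipaddress.ip_network(c, strict=False)]

    in_local, in_vpn = members(local_nets), members(vpn_nets)
    if in_local and in_vpn:
        return "ambiguous"  # same address exists on both sides of the tunnel
    if in_vpn:
        return "vpn"
    if in_local:
        return "local"
    return "other"


if __name__ == "__main__":
    for lname, vname, shared in find_overlaps(LOCAL_NETS, VPN_NETS):
        print(f"{lname} overlaps {vname}: {shared}")
    for dest in ("192.168.1.50", "172.16.10.7", "8.8.8.8"):
        print(dest, "->", classify(dest, LOCAL_NETS, VPN_NETS))
```

Any address reported as ambiguous is one where a host on the client's own network and a host on the office LAN can both answer, which is the situation described in the original question.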

