Q: We are using the Palo Alto firewall VPN software GlobalProtect. One of our VPN users has a problem accessing most LAN resources after establishing the VPN. The problem is that his home network uses the same IP range (10.0.0.0/24) and the default gateway is 10.0.0.1.
He doesn’t want to change his home network IP range and gives us this reason: “Comcast recommended that changing it wouldn’t be a good idea”.
My temporary resolution is assigning his computer a static IP address at home: 10.0.0.3/252. It works, but with some problems; for example, some mappings may not work. I think the problem is both networks using the same default gateway. He asks why he didn’t have this problem before, when we used Cisco ASA. Do you have any suggestions?
A:
If he’s using a class C subnet, we can make the Palo VPN DHCP pool use a class B; that would put them on different networks.
If we made that change, everyone who is connected to the VPN will need to disconnect and reconnect to get the new subnet IP pool.
We can also make the VPN pool something like 192.168.76.X so that, hopefully, no one else would have that IP address running locally at home.
Perhaps try split tunnel.
On the client site, you may try reconfiguring the routing table.
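The overlap behind the suggestions above can be checked before changing the pool or the tunnel routes. The following is an added example, not part of the original question or answer; it uses a simplified longest-prefix-match model of the client routing table, and the corporate LAN range, the server address 10.0.0.50 and the function names are constructed assumptions.

```python
import ipaddress

def conflicts(home, tunnel_nets):
    """Tunnel-side networks (VPN pool or access routes) that overlap the home subnet."""
    home = ipaddress.ip_network(home)
    return [n for n in tunnel_nets if ipaddress.ip_network(n).overlaps(home)]

def pick_pool(candidates, home_nets):
    """First candidate VPN pool that overlaps none of the listed home subnets."""
    homes = [ipaddress.ip_network(h) for h in home_nets]
    for cand in candidates:
        if not any(ipaddress.ip_network(cand).overlaps(h) for h in homes):
            return cand
    return None

def egress(dest, home, tunnel_routes):
    """Simplified longest-prefix match: 'local', 'tunnel', 'tie' or 'default'."""
    dest = ipaddress.ip_address(dest)
    routes = [(ipaddress.ip_network(home), "local")]
    routes += [(ipaddress.ip_network(r), "tunnel") for r in tunnel_routes]
    hits = [(net.prefixlen, via) for net, via in routes if dest in net]
    if not hits:
        return "default"
    best = max(plen for plen, _ in hits)
    winners = {via for plen, via in hits if plen == best}
    # Equal prefix length on both sides: the route metric decides on a real client.
    return winners.pop() if len(winners) == 1 else "tie"

# Constructed sample values (assumptions, not taken from a real deployment).
HOME = "10.0.0.0/24"        # the user's home subnet from the question
CORP_LAN = "10.0.0.0/24"    # assumed corporate range that collides with it
SERVER = "10.0.0.50"        # hypothetical file server on the corporate LAN

if __name__ == "__main__":
    print("overlapping:", conflicts(HOME, [CORP_LAN, "192.168.76.0/24"]))
    print("usable pool:", pick_pool(["10.0.0.0/16", "192.168.76.0/24"], [HOME]))
    for routes in ([CORP_LAN], ["10.0.0.0/8"], [SERVER + "/32"]):
        print(routes, "->", egress(SERVER, HOME, routes))
```

In this model a tunnel route with the same prefix length as the home subnet ties with the on-link route, a broader tunnel route loses to it, and only a more specific route (for example a host route pushed through split tunnel or added by hand) sends the traffic into the tunnel.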