
Connecting to two remote sites with same network IP

ja raju
Level 1

Hi guys,

I have two remote sites with the same IP range: 10.0.0.0/24.

I need to configure L2L VPN to these two remote sites from the main site. I know that I need to perform NAT on one of the sites. I've already configured VPN for Site A but not yet for Site B.

How can I get access to both of the remote sites from my 172.24.103.0/24 network? How do I do the NAT?

Thank you in advance.

Accepted Solutions

Jon Marshall
Hall of Fame

I have had to do this too many times! Unfortunately, Paolo, when the 3rd party is a different company you can't simply tell them to readdress and to do as you say. And when your own management tells you it is imperative this company connects no matter what it takes, you unfortunately do have to get messy. But I agree that it is far from ideal.

To the OP, it can be done as Milan points out. The first thing you need to do is to identify which devices at each need to connect to each other so you can work out the NATs you need to do. You also need to know where the connections will be initiated from, i.e.

1) only from your company to the remote site

2) from the remote site to your company

3) both ways

This will dictate how you set the NAT up.

But as both Paolo and Milan have said, it is messy, and can take a while to get working correctly.

Jon

7 Replies

paolo bevilacqua
Hall of Fame

Do not use the same subnet for both sites.

Renumber one and you will have perfect connectivity without tricks and stuff that always causes trouble.

The problem is, both are client sites and I can't get them redo their IP network.

Any other options?

You can, you are the Network Engineer, and when about the network, they must do what you say.

Jon,

I know what you mean. However, from me the answer is always "do you tell a doctor what is imperative?".

I also had customers trying the kludges first, then coming back to me willing to renumber.

Don't let end users dictate how networking is done. That is your job and you're paid to do it right, not wrong.

Yea... it's going to have to be messy I guess.

One of those client sites might have some spare public IP, so I'm planning to do the NAT on their end.

Have to see how that goes.
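
Added example, not part of the original thread: one way to lay out the NAT when it is done on the Site B end and connections must work in both directions (case 3 in Jon's list). It assumes Cisco ASA 8.3+ syntax on both firewalls, interface names `inside`/`outside`, and a constructed translated range 10.0.2.0/24 that is unused at all three sites; the object, ACL and crypto map names are hypothetical.

```cisco
! ---------- Site B firewall (assumed ASA 8.3+) ----------
object network SITEB-REAL
 subnet 10.0.0.0 255.255.255.0
! Constructed translated range: must not exist at the main site, Site A or Site B
object network SITEB-MAPPED
 subnet 10.0.2.0 255.255.255.0
object network MAIN-LAN
 subnet 172.24.103.0 255.255.255.0
!
! Static net-to-net NAT: 10.0.0.x <-> 10.0.2.x, applied only for traffic to/from
! the main site. Static means either side can initiate. A dynamic PAT to a single
! address would only allow sessions initiated from Site B.
nat (inside,outside) source static SITEB-REAL SITEB-MAPPED destination static MAIN-LAN MAIN-LAN
!
! The crypto ACL is evaluated after NAT, so it matches the translated source
access-list VPN-TO-MAIN extended permit ip object SITEB-MAPPED object MAIN-LAN
crypto map OUTSIDE_MAP 10 match address VPN-TO-MAIN
!
! ---------- Main site firewall (assumed ASA 8.3+) ----------
object network MAIN-LAN
 subnet 172.24.103.0 255.255.255.0
object network SITEB-MAPPED
 subnet 10.0.2.0 255.255.255.0
!
! Site B is only ever seen as 10.0.2.0/24 here, so this entry does not collide
! with the existing Site A crypto ACL that matches 10.0.0.0/24
access-list VPN-TO-SITEB extended permit ip object MAIN-LAN object SITEB-MAPPED
crypto map OUTSIDE_MAP 20 match address VPN-TO-SITEB
!
! Identity NAT so tunnel traffic is not caught by the main site's Internet PAT
nat (inside,outside) source static MAIN-LAN MAIN-LAN destination static SITEB-MAPPED SITEB-MAPPED
```

With this layout, hosts on 172.24.103.0/24 reach Site A at its real 10.0.0.x addresses and Site B at 10.0.2.x, with the last octet preserved by the static mapping.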