Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
671
Views
0
Helpful
1
Replies

DMVPN (NAT?) solution with spokes with all the same subnets

Go to solution
sossie
Level 1
Level 1

‎07-26-2016 07:55 PM - last edited on ‎03-25-2019 03:47 PM by Community Manager

Hi all,

I have a large number of remote networks that are spread all over the world. Currently they are all individual island with no connectivity to anywhere else.

What I would like to do is connect them all back to head office over the internet so I can remotely access them. The internet service I get from every site will be different and unknown e.g some directly on the internet, some behind NAT.

So I think the solution to this is DMVPN.

But my problem is that all of the remote sites have the same internal subnet. So how can I make sure they are all connected and the remote devices are all accessible at the same time?

I'm wondering if I can setup NAT on perhaps the Spoke router so that every device has a static nat with the Natted IP being unique. I have labbed this up in GNS3 and it seems to work. However the problem is that there are hundreds of devices at each site, which means a lot of NAT entries.

I'm wondering is it possible to do a full 1:1 Nat just specifying an entire network to network. E.g something like 192.168.20.0/24 NAT to 10.0.1.0/24  if try to access 192.168.20.5 it actually connects to 10.0.1.5

Has anyone ever got something like this working?

Is there a good solution?

Thanks, Simon

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ghostinthenet
Level 7
Level 7

‎07-28-2016 08:06 AM

It's possible, but (assuming they're already using NAT for their Internet access) you're going to need to define things very carefully to avoid interfering with what they have.

Doing a full subnet translation is easy and is a one-liner:

ip nat inside source static network 10.0.0.0 192.168.0.0 /24

The problem is that this will override any existing NAT for this subnet, so you have to make it, and the existing NAT configuration conditional.

Can you provide an example of how the current NAT is set up for one of these sites?

---
Jody Lemoine, Network Architect
CCIE 41436, MTCRE, MTCINE, MTCIPv6E
tishco networks, Virtually Everywhere
(905) 378-1134, jody.lemoine@tishco.ca

View solution in original post

0 Helpful
1 Reply 1

Go to solution
ghostinthenet
Level 7
Level 7

‎07-28-2016 08:06 AM

It's possible, but (assuming they're already using NAT for their Internet access) you're going to need to define things very carefully to avoid interfering with what they have.

Doing a full subnet translation is easy and is a one-liner:

ip nat inside source static network 10.0.0.0 192.168.0.0 /24

The problem is that this will override any existing NAT for this subnet, so you have to make it, and the existing NAT configuration conditional.

Can you provide an example of how the current NAT is set up for one of these sites?

---
Jody Lemoine, Network Architect
CCIE 41436, MTCRE, MTCINE, MTCIPv6E
tishco networks, Virtually Everywhere
(905) 378-1134, jody.lemoine@tishco.ca
0 Helpful
Customers Also Viewed These Support Documents