11-26-2015 12:09 AM - edited 03-05-2019 02:49 AM
11-26-2015 03:32 AM
Hi Raimund,
What do you mean by the same LAN IPs?
Usually, if you can, it would be better to agree on the encryption domains between the two sites so that they don't overlap; that's the easier solution to me...
By the way, if you need to maintain your subnets on both sites overlapping each other, the only thing you can do is to NAT on only one or on both sides (it depends on whether you need one-way or two-way communication):
Lan subnets:
Site 1: 10.10.10.0/24
Site 2: 10.10.10.0/24
Tunnel/VPN public end-points (through internet or whatever..):
Site 1: 1.1.1.1/32
Site 2: 2.2.2.2/32
Network/IP address chosen to perform the NAT on Site 1, for example (one-way communication with the connection started by Site 2):
20.20.20.0/24
So the story is: the traffic will be encapsulated through the VPN for all the requests from the Site 2 LAN pointing to the NAT subnet 20.20.20.0/24... once on the Site 1 equipment, you'll decapsulate the traffic, performing a DESTINATION-NAT towards the real LAN subnet on Site 1.
I hope this helps,
Regards
L.
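The one-way scheme described in the reply above, modelled in Python as an added example (not part of the original post and not device configuration). The function names are hypothetical, and the 1:1 mapping that keeps the host part of the address is an assumption about how the destination NAT is set up.

```python
import ipaddress

# Addresses taken from the reply above.
SITE1_LAN = ipaddress.ip_network("10.10.10.0/24")
SITE2_LAN = ipaddress.ip_network("10.10.10.0/24")
NAT_NET = ipaddress.ip_network("20.20.20.0/24")  # range Site 2 uses to reach Site 1

# Assumption: a 1:1 network NAT needs both ranges to be the same size.
assert NAT_NET.prefixlen == SITE1_LAN.prefixlen


def check_domains(local, remote):
    """Reject a local/remote encryption-domain pair that overlaps."""
    if local.overlaps(remote):
        raise ValueError(f"encryption domains overlap: {local} / {remote}")
    return local, remote


def site2_forward(dst):
    """Site 2 gateway decision: only traffic to the NAT range enters the tunnel."""
    dst = ipaddress.ip_address(dst)
    if dst in NAT_NET:
        return "tunnel"
    if dst in SITE2_LAN:
        return "local"  # stays on the Site 2 LAN, so 10.10.10.x cannot reach Site 1
    return "other"


def site1_dnat(dst):
    """Site 1 gateway after decapsulation: static destination NAT, host bits kept."""
    dst = ipaddress.ip_address(dst)
    if dst not in NAT_NET:
        return None  # outside the NAT rule, left untranslated
    offset = int(dst) - int(NAT_NET.network_address)
    return str(SITE1_LAN.network_address + offset)


if __name__ == "__main__":
    check_domains(SITE2_LAN, NAT_NET)          # the pair Site 2 negotiates: accepted
    print(site2_forward("20.20.20.15"))        # tunnel
    print(site1_dnat("20.20.20.15"))           # 10.10.10.15
```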
11-27-2015 05:00 AM
Thanks
I will test it in my lab
11-30-2015 01:11 PM
Ok, let me know then.
Thank you!