Solved: NAT VPN Question

peter.williams · ‎10-16-2012

Hello,

I have a question.

I have a customer that has to be added to another network through Site-TO-Site VPN. However the customer has a ip address network (192.168.0.0 255.255.255.0) and the network that they need to be connected to has a DMZ zone of 192.168.0.0 255.255.255.0), which the customer needs to be able to access.

So the diagram looks like this - customer(192.168.0.0 255.255.255.0) - Internet - New network (10.0.0.0 (internal) and 192.168.0.0 255.255.255.0(DMZ).

Is there anyway of making this work without it looking for an ip address internally?? So if the customer has an ip address on their pc of 192.168.0.50 and the server they need to access on the other side is 192.168.0.50, how can I get them connected? Or, do I need to completely re-ip address the internal network of the customer??

Thank you for your help

nickbonifacio · ‎10-16-2012

Hi Peter,

Obviously, the best thing to do would be re-ip one of the networks. In the meantime you could setup a double nat to get connectivity right away. You would have to set up natting on both ends. This could also cause trouble with some applications so I do not recommend it if you can avoid it.

Are these routers or ASAs?

Thanks!

Nick

Nick Bonifacio CCIE #38473

View solution in original post

nickbonifacio · ‎10-16-2012