05-22-2007 01:55 PM
Hello Experts,
I have 2 duplicate REMOTE LANs connecting via VPN with the IP address of 192.168.70.X and 192.168.70.x
One is already working but I don't know how to add the second one which is enumerated
exactly the same. Not quite sure on how to apply the NAT on my Local Router for the second duplicate subnet.
I found this article but it talks about duplicate LANs on both sides and it does NOT apply:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800b07ed.shtml
Is there anything similar but with 2 REMOTE LAN Subnets?
Thanks,
Randall
05-22-2007 10:43 PM
Hi Randall
You will need to NAT one of the 192.168.70.x subnets at the remote end, so by the time they reach your VPN device they are not seen as 192.168.70.x.
You can either do a one-for-one NAT: you could choose a subnet that is not in use anywhere else on your network, e.g.
192.168.5.0/24
and then setup a NAT pool on the remote device that translates any 192.168.70.x address to a 192.168.5.x address.
Or
You can hide all the 192.168.70.x addresses behind one address at the remote end.
Either way you need to ensure that by the time the traffic reaches your VPN device the source addresses are no longer 192.168.70.x addresses.
HTH
Jon
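A sketch of the remote-end one-for-one translation described in the reply above, as an added example that is not part of the original thread. It assumes the remote device is a Cisco IOS router; the interface names, the ACL number and the head-office subnet 10.1.1.0/24 are hypothetical, while 192.168.70.0/24 and 192.168.5.0/24 come from the posts.

```cisco
! Remote-site router (the second 192.168.70.0/24 site).
! Assumed: FastEthernet0/0 faces the LAN, FastEthernet0/1 carries the tunnel.
interface FastEthernet0/0
 description LAN 192.168.70.0/24
 ip nat inside
!
interface FastEthernet0/1
 description WAN / VPN tunnel endpoint
 ip nat outside
!
! One-for-one mapping: 192.168.70.n is presented as 192.168.5.n.
! Host bits are preserved, so the head office can still reach
! individual remote hosts by their 192.168.5.n address.
ip nat inside source static network 192.168.70.0 192.168.5.0 /24
!
! On IOS, inside-to-outside NAT runs before the crypto map check,
! so the crypto ACL must match the translated source, not 192.168.70.x.
! 10.1.1.0/24 is a placeholder for the head-office subnet.
access-list 101 permit ip 192.168.5.0 0.0.0.255 10.1.1.0 0.0.0.255
!
! The head-office crypto ACL for this tunnel is the mirror image:
!   permit ip 10.1.1.0 0.0.0.255 192.168.5.0 0.0.0.255
! while the tunnel to the first site keeps 192.168.70.0/24, so the two
! sets of selectors no longer overlap and return traffic is unambiguous.
```

The static network translation applies to all traffic leaving the outside interface, so confirm that nothing else at the remote site depends on being seen as 192.168.70.x before applying it.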
05-23-2007 05:20 AM
Hi Jon,
Thanks for your time on the response. Based on your description I pretty much need to fix the NAT on the REMOTE End Router and NOT the local router.
Is there any way that we can make this happen on the Local Router since I don't have control over the Remote End since it is a Third Party?
Thanks,
Randall
05-23-2007 05:28 AM
Hi Randall
AFAIK you will have to do it on the remote end. The problem is that if you have the same address, e.g. 192.168.1.70, arriving from both sites at the same time, the VPN device at your end will get very confused as to where the return traffic should go.
You can NAT the source IP addresses on your local router for one set of the 192.168.70.x addresses, but I still think the VPN device would not be able to determine which tunnel to send the traffic down on the return path.
I appreciate it's not always easy to get the 3rd party to do something, but I think this is your only choice.
HTH
Jon
05-23-2007 05:38 AM
Randall
Just a quick thought. Are the local subnets that the remote sites are accessing the same subnets or hosts? If there was no overlap between the local hosts/subnets that were being accessed, then you could try doing NAT at your end.
Still not entirely sure it would work...
Jon