04-22-2019 05:04 AM
Hello everyone.
I'm currently in a scenario that made me think if it would work.
My firewall is a VPN hub to several partners that peer with me with private IP addresses.
So far, I've managed to not let any partner private subnets overlap, but right now I'm without options.
Basically all partners peer with my firewall in order to reach the internal IP x.x.x.x.
In this scenario, I'll have two different partners with subnets 10.0.0.0/24 and 10.0.0.0/25 attempting to reach the x.x.x.x IP address inside the IPSec tunnel. Will that work? I assume the traffic will be routed based on the SPI, but I'm not sure what exactly will be the result of that scenario.
Has anyone had a similar scenario? Would that work?
Thanks,
Caio
04-22-2019 11:40 AM
04-22-2019 11:55 AM
Thank you Balaji.
In that scenario I understand that he's attempting to make the networks (that overlap) talk to each other.
In my scenario I don't need to have the networks talking to each other. I need both partners (with overlapping networks) to talk to my IP address.
I'm wondering if that would work or if I should force the NAT from one of the peers.
Thanks,
Caio
04-22-2019 12:39 PM
That is an example scenario I have provided to understand.
From a routing perspective, you need to NAT one of the sites, since both cannot be the same IP address range.
Make sense?
04-24-2019 04:50 AM
I've actually made it work without any NAT.
Partner 1
Interesting traffic
Remote: 192.168.0.18/32
Local: x.x.x.x/32
Partner 2
Interesting traffic
Remote: 192.168.0.0/24
Local: x.x.x.x/32
Both seem to be working (since partner 2 is not using the IP 0.18).
Thanks,
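An added example, not part of the original posts: a Python check that lists which remote selectors overlap across peers and which peers claim a given partner address, using the selector values from the thread. It models only the selectors themselves, not how any particular firewall picks a tunnel; the peer names and function names are assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample: remote selectors per peer, using the values in the thread.
SELECTORS = {
    "partner1": ["192.168.0.18/32"],
    "partner2": ["192.168.0.0/24"],
}

def find_overlaps(selectors):
    """Return (peer_a, net_a, peer_b, net_b, shared) for every pair of remote
    selectors on different peers that overlap. Two overlapping CIDR blocks are
    always nested, so `shared` is the more specific of the two."""
    flat = [(peer, ipaddress.ip_network(n, strict=True))
            for peer, nets in selectors.items() for n in nets]
    found = []
    for (pa, na), (pb, nb) in combinations(flat, 2):
        if pa != pb and na.version == nb.version and na.overlaps(nb):
            shared = na if na.prefixlen >= nb.prefixlen else nb
            found.append((pa, na, pb, nb, shared))
    return found

def claimants(selectors, address):
    """Peers whose remote selectors contain `address`, most specific first.
    More than one entry means the address is ambiguous between tunnels."""
    addr = ipaddress.ip_address(address)
    hits = []
    for peer, nets in selectors.items():
        for n in nets:
            net = ipaddress.ip_network(n, strict=True)
            if addr in net:
                hits.append((net.prefixlen, peer))
    return [peer for _, peer in sorted(hits, reverse=True)]

if __name__ == "__main__":
    for pa, na, pb, nb, shared in find_overlaps(SELECTORS):
        print(f"{pa} {na} overlaps {pb} {nb}: both claim {shared} "
              f"({shared.num_addresses} address(es))")
    for ip in ("192.168.0.18", "192.168.0.50"):
        print(ip, "->", claimants(SELECTORS, ip))
```

Any address that returns more than one peer is one the two partners must never both use, which is the condition the setup above relies on for 192.168.0.18.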