08-10-2012 01:26 PM
I have a site to site VPN between Site A and Site B. Can I create another site to site VPN between Site A and Site C when Site C has the same subnet as Site B? Is there some way to NAT one of the sites or do I have to re-IP? Thanks!
Site A (10.10.10.0/24) and Site B (192.168.1.0/24)
Site A (10.10.10.0/24) and Site C (192.168.1.0/24)
Solved! Go to Solution.
08-10-2012 01:41 PM
Yes that can be done. Site B or site C has to hide their addresses with a subnet without conflict. If B and C want to communicate with each other, both have to hide their addresses. This works because NAT is done before IPSec. So you specify your translation and your crypto-ACLs have to use the translated addresses.
From my experiance: Don't do it! If the sites are not to big do a renumbering. Thats only one weekend with maximum pain and no sleep. But the double NAT is an ongoing pain.
Third solution: If you have already some IPv6 experiance and you only need communication to some servers, the you can deploy them dual-stack and ignore zhe IPv4 conflicting addresses.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
08-10-2012 01:41 PM
Yes that can be done. Site B or site C has to hide their addresses with a subnet without conflict. If B and C want to communicate with each other, both have to hide their addresses. This works because NAT is done before IPSec. So you specify your translation and your crypto-ACLs have to use the translated addresses.
From my experiance: Don't do it! If the sites are not to big do a renumbering. Thats only one weekend with maximum pain and no sleep. But the double NAT is an ongoing pain.
Third solution: If you have already some IPv6 experiance and you only need communication to some servers, the you can deploy them dual-stack and ignore zhe IPv4 conflicting addresses.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide