[Openswan Users] Same subnets on both ends
Norman Rasmussen
norman at rasmussen.co.za
Mon May 29 21:59:32 CEST 2006
On 5/29/06, Marc McGuinness <mailing-list at mcguinness.de> wrote:
> I was asked to configure VPNs for several subnets. Unfortunately I've
> got two large subnets with the same ip range.
>
> Example:
> 192.168.0.0/16 --- 194.176.114.16 --- internet --- 84.211.33.9 ---
> 192.168.0.0/16
>
> I can't just renumber one end as there would be many difficulties
> involved, especially political ones (responsiblities).
>
> Is there a good way of getting the VPN to work without renumbering a subnet?
If I remember correctly you can do this.
You'll want to NAT 194.176.114.16 network to 192.168.1.0/16 and
84.211.33.9 network to 192.168.2.0/16 - or similar assuming no other
conflicts.
The easiest way is to probably use NAT on both networks. That way
when anyone else wants to access those networks they use the 'new'
numbering, but the NAT translates into the 192.168.0.0/16 addresses.
(both networks do 1 set of NAT)
Alternatively you could only use NAT on one of the networks. Then you
have to nat the current network _and_ the conflicting network's IPs -
one network does 2 sets of NAT.
P.S. I'm not sure how much sense you can make out of that :-)
--
- Norman Rasmussen
- Email: norman at rasmussen.co.za
- Home page: http://norman.rasmussen.co.za/
More information about the Users
mailing list