[Openswan Users] Same subnets on both ends
Marc McGuinness
mailing-list at mcguinness.de
Tue May 30 01:01:01 CEST 2006
Thanks for your answers!
I'll have a closer look into your NAT-related suggestions.
Marc
Norman Rasmussen wrote the following on 29.05.2006 20:59:
> On 5/29/06, Marc McGuinness <mailing-list at mcguinness.de> wrote:
>> I was asked to configure VPNs for several subnets. Unfortunately I've
>> got two large subnets with the same ip range.
>>
>> Example:
>> 192.168.0.0/16 --- 194.176.114.16 --- internet --- 84.211.33.9 ---
>> 192.168.0.0/16
>>
>> I can't just renumber one end as there would be many difficulties
>> involved, especially political ones (responsiblities).
>>
>> Is there a good way of getting the VPN to work without renumbering a
>> subnet?
>
> If I remember correctly you can do this.
>
> You'll want to NAT 194.176.114.16 network to 192.168.1.0/16 and
> 84.211.33.9 network to 192.168.2.0/16 - or similar assuming no other
> conflicts.
>
> The easiest way is to probably use NAT on both networks. That way
> when anyone else wants to access those networks they use the 'new'
> numbering, but the NAT translates into the 192.168.0.0/16 addresses.
> (both networks do 1 set of NAT)
>
> Alternatively you could only use NAT on one of the networks. Then you
> have to nat the current network _and_ the conflicting network's IPs -
> one network does 2 sets of NAT.
>
> P.S. I'm not sure how much sense you can make out of that :-)
>
--
PGP: http://mcguinness.psychology4u.de/public.txt
More information about the Users
mailing list