 From:  "Scott Neader" <scott dot neader at CenturyTel dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  IPSec VPN with sort-of overlapping LAN subnets
 Date:  Fri, 28 Oct 2005 13:03:02 -0500

I know this has been discussed before....  If you have two LANs with
duplicate subnets, you cannot do an IPSec VPN between them.  The
documentation says this is a limitation of basic IP networking, and not
a problem with m0n0wall, and I agree. 

Yet I keep thinking there is a way out of my problem with some type of
NAT solution.

Simple drawing of the scenario I am in:

                               ----- m0n0wall --- 192.168.1.0/24
                              /      
10.1.1.0/24 --- SonicWALL ---/      
LAN             Firewall     \
                              \
                               ----- LinkSys ---- 192.168.1.0/24

The m0n0wall and LinkSys networks do NOT need to talk to each other.


The problem is that in the SonicWALL firewall, I cannot build tunnels to
networks that overlap like this.  So, I need one of the networks to look
like something else.  I have played with NAT on the SonicWALL side with
no success.  SonicWALL engineers say that it is the far end (m0n0wall or
LinkSys) that needs to do the NAT.  So, the SonicWALL would build a
tunnel to some other "fake" IPs, then the far end would translate.

Any ideas appreciated!

- Scott