 From:  George Farris <farrisg at mala dot bc dot ca>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Site to site ipsec with same local net ip.
 Date:  Tue, 10 Jan 2006 09:08:20 -0800
On Fri, 2006-06-01 at 13:16 -0800, Nate Putnam wrote:
> George Farris wrote:
> 
> >>Not going to work.  You can't have the same subnet on both sides.  See
> >>#2 here: http://doc.m0n0.ch/handbook/ipsec-prerequisites.html
> >>
> >>    
> >>
> >
> >Even if we only want the vpn to be only between the two end points and
> >  the two networks?
> >
> >  
> >
> Yes. Even then.
> 

I was hoping that because the LAN was NATed to the outside interface and
that the remote side would never see the inside LAN address it would
function.  Apparently Cisco PIXes can do this.  Any ideas how one might
accomplish this?  All I have to do is provide a VPN to a remote web
server; the connection should never be initiated in the other direction.

-- 
George Farris   farrisg at mala dot bc dot ca
Malaspina University-College