[ previous ] [ next ] [ threads ]
 
 From:  "Mark Gilbert" <mgilbert at marinhd dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] multiple VPN tunnels with identicle subnets at other end.
 Date:  Fri, 30 Jun 2006 13:22:01 -0700
Oops...I made a mistake on how it works:
 
 
Tunnel 1:   10.0.0.0-----|--------192.168.40.0 ------ 192.168.1.0
 
Tunnel 2:   10.0.0.0-----|--------192.168.40.0 ------ 192.168.1.0
 
The device on the remote end translates the 1.0 into a different subnet so that the 10.0.0.0 network
is able to communicate with 2 separate 1.0 networks.
 
Sorry for the goof up
 
Mark
 
 
 
 

________________________________

From: Mark Gilbert [mailto:mgilbert at marinhd dot com]
Sent: Fri 6/30/2006 12:30 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] multiple VPN tunnels with identicle subnets at other end.



We have done this with Cisco devices.  It maps Ip's on each end to the NAT mapping in the middle.

IE.

10.0.0.0 --- 192.10.30..0---|---192.168.31.0 ------ 192.168.1.0

Specific IP

10.0.0.5 --- 192.10.30..5---|---192.168.31.25 ------ 192.168.1.25

________________________________

From: Michael Brown [mailto:knightmb at knightmb dot dyndns dot org]
Sent: Fri 6/30/2006 12:23 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] multiple VPN tunnels with identicle subnets at other end.



I think by design you can't have the same IP range, otherwise, how does
the client know where to send packets? What happens if you have two
computers on each end with the same IP address?

M0n0wall may support it, but I'm not sure the clients will.

Thanks,
Michael

Mark Gilbert wrote:
> Does the m0n0wall have the ability to handle vpn tunnels from one location with ideticle subnets
at the other end of the tunnel.
>
> Ex.
>
>                                                        Operations VPN m0n0wall
>                                                                10.0.0.1
> _________________________________|________________________________
>             |                              |                                             |        
                     |          
> 192.168.1.0               192.168.0.0                             172.20.30.185       192.168.1.0 
  
>
> You will notice that there are 2 networks with 192.168.1.0
>
> I don not remember what to call this type of NAT translation but in order to do it on other
devices we had to do the following for vpn's:
>
> 10.0.0.0 --- 192.10.20.30.0---|---192.168.31.0 ------ 192.168.1.0
>
> 10.0.0.0 --- 192.10.20.40.0---|---192.168.41.0 ------ 192.168.1.0
>
> This allows us to have multple customers with identicle subnets.
>
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch