[ previous ] [ next ] [ threads ]
 
 From:  Michael Brown <knightmb at knightmb dot dyndns dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] multiple VPN tunnels with identicle subnets at other end.
 Date:  Fri, 30 Jun 2006 15:23:19 -0500
I'm certain that example below would work just fine, but the previous 
one looked like you had similar IP ranges on both ends of the tunnel.  
To answer your question I would say no because if I connect my computer 
to the m0n0wall VPN and the range of the foreign network is the same as 
my local network, nothing works, can't ping, etc to the other end of the 
tunnel.

Thanks,
Michael

Mark Gilbert wrote:
> We have done this with Cisco devices.  It maps Ip's on each end to the NAT mapping in the middle.
>  
> IE.
>  
> 10.0.0.0 --- 192.10.30..0---|---192.168.31.0 ------ 192.168.1.0
>  
> Specific IP
>  
> 10.0.0.5 --- 192.10.30..5---|---192.168.31.25 ------ 192.168.1.25
>
> ________________________________
>
> From: Michael Brown [mailto:knightmb at knightmb dot dyndns dot org]
> Sent: Fri 6/30/2006 12:23 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] multiple VPN tunnels with identicle subnets at other end.
>
>
>
> I think by design you can't have the same IP range, otherwise, how does
> the client know where to send packets? What happens if you have two
> computers on each end with the same IP address?
>
> M0n0wall may support it, but I'm not sure the clients will.
>
> Thanks,
> Michael
>
> Mark Gilbert wrote:
>   
>> Does the m0n0wall have the ability to handle vpn tunnels from one location with ideticle subnets
at the other end of the tunnel.
>>
>> Ex.
>>
>>                                                        Operations VPN m0n0wall
>>                                                                10.0.0.1
>> _________________________________|________________________________
>>             |                              |                                             |       
                      |           
>> 192.168.1.0               192.168.0.0                             172.20.30.185       192.168.1.0
    
>>
>> You will notice that there are 2 networks with 192.168.1.0
>>
>> I don not remember what to call this type of NAT translation but in order to do it on other
devices we had to do the following for vpn's:
>>
>> 10.0.0.0 --- 192.10.20.30.0---|---192.168.31.0 ------ 192.168.1.0
>>
>> 10.0.0.0 --- 192.10.20.40.0---|---192.168.41.0 ------ 192.168.1.0
>>
>> This allows us to have multple customers with identicle subnets.
>>
>>  
>>     
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>
>
>
>