site-2-site VPN

Hi everybody,

I was asking about the S2S VPN lately, but I have a slightly different question now. What are the industry standards / best practices to securely connect two company branches? I was thinking of a VPN connection, but it does not allow one to connect two identical subnets e.g. with Is there a way to connect two offices via VPN and reduce or eliminate the possibility of subnet overlap?

Thanks, AL


ALeu wrote:

If you have the same subnet remote and local, it's hard to find a simple logic for any router to decide where a packet should go to, so you must NAT both subnets to different subnets outside, with all possible side effects on protocols that don't like NAT. No matter if tunneled through a VPN, a leased line or dialup connection.

Only pure IPsec with the old crypto map syntax is kind of restricted.

If you set up GRE tunnel interfaces with IPsec protection, you have routable interfaces which can also be ip nat inside or ip nat outside.

Uli Link

You can bridge between the 2 sites, and maybe you can get that to work over a VPN.

However - the real fix is to readdress 1 site. Badly set up addressing is going to cause you all sorts of problems down the line, so fix it now rather than try to patch up the side effects.


Site A address /24 Server A Site B /


Could use DNS: when a host at site B sends traffic to Server A at site A, the name server directs traffic to via the DNS. This then crosses the IPsec VPN; on arrival, do a network NAT statement translating the /24 range to /24. This will then be able to hit the server at

tweety
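The 1:1 network NAT approach discussed in the replies above, as an added example that is not part of the original thread: it detects overlapping site subnets, assigns each site a distinct outside prefix, and translates an address while keeping its host bits (the address a DNS server at the other site would hand out). All addresses and the `POOL` range are constructed, since the thread's own addresses are missing.

```python
import ipaddress as ip

def find_overlaps(sites):
    """Return pairs of site names whose real (inside) subnets overlap."""
    names = sorted(sites)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if sites[a].overlaps(sites[b])]

def plan_nat(sites, pool):
    """Assign every site a unique outside prefix of the same length, taken
    from `pool`, that overlaps no real subnet and no earlier assignment."""
    plan, used = {}, []
    for name in sorted(sites):
        real = sites[name]
        for cand in pool.subnets(new_prefix=real.prefixlen):
            if any(cand.overlaps(n) for n in list(sites.values()) + used):
                continue
            plan[name] = cand
            used.append(cand)
            break
        else:
            raise ValueError(f"pool {pool} exhausted for site {name}")
    return plan

def translate(addr, src_net, dst_net):
    """1:1 network NAT: swap the prefix, keep the host bits."""
    addr = ip.ip_address(addr)
    if addr not in src_net:
        raise ValueError(f"{addr} is not in {src_net}")
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("1:1 network NAT needs equal prefix lengths")
    offset = int(addr) - int(src_net.network_address)
    return dst_net.network_address + offset

# Constructed sample: both offices use the same /24 internally.
SITES = {"A": ip.ip_network("192.168.1.0/24"),
         "B": ip.ip_network("192.168.1.0/24")}
POOL = ip.ip_network("10.255.0.0/16")   # assumed unused translation range
PLAN = plan_nat(SITES, POOL)

if __name__ == "__main__":
    print("overlapping sites:", find_overlaps(SITES))
    for site, outside in PLAN.items():
        print(f"site {site}: {SITES[site]} is seen remotely as {outside}")
    # Server A (192.168.1.10) as hosts at site B must address it:
    print("Server A from site B:",
          translate("192.168.1.10", SITES["A"], PLAN["A"]))
```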