site-2-site VPN

Hi everybody,

I was asking about the S2S VPN lately, but have a bit different question now. What are the industry standards / best practices to securely connect two company branches? I was thinking of a VPN connection, but it does not allow one to connect two identical subnets e.g. 10.11.12.0/24 with 10.11.12.0/24. Is there a way to connect two offices via VPN and reduce or eliminate the possibility of subnet overlap?

Thanks, AL

Reply to
ALeu

ALeu wrote:

If you have the same subnet remote and local, it's hard to find a simple logic for any router to decide where a packet should go to, so you must NAT both subnets to different subnets outside, with all possible side effects on protocols that don't like NAT. No matter if tunneled through a VPN, a leased line or dialup connection.

Only pure IPsec with the old crypto map syntax is kind of restricted.

If you set up GRE tunnel interfaces with IPsec protection, you have routable interfaces which can also be ip nat inside or ip nat outside.

Reply to
Uli Link

You can bridge between the 2 sites, and maybe you can get that to work over a VPN.

However - the real fix is to readdress 1 site. Badly set up addressing is going to cause you all sorts of problems down the line, so fix it now rather than try to patch up the side effects.

Reply to
Stephen

Site A address 10.10.10.0/24, Server A 10.10.10.10, Site B 1.10.10.0/24

Could use DNS: when a host at site B sends traffic to Server A at site A, the name server directs traffic to 172.21.1.10 via DNS. This then crosses the IPsec VPN; on arrival, a network NAT statement translates the 172.21.1.0/24 range to 10.10.10.0/24, and this will then be able to hit the server at 10.10.10.10.

Reply to
tweety
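The two replies above describe the same fix from two angles: Uli Link's point that a router cannot route between two identical prefixes and must NAT each side to a distinct outside range, and tweety's DNS-plus-NAT walkthrough. The following is an added model of that flow, not code from the thread or from any vendor. It assumes both sites use 10.10.10.0/24 (the overlap scenario of the original question), keeps tweety's 172.21.1.0/24 as the outside range for site A, and constructs 172.22.1.0/24 as the outside range for site B plus a hostname servera.example.test; all of those are assumptions for the illustration.

```python
"""Added example: why identical LAN prefixes cannot be routed across a
tunnel, and how twice NAT (one distinct outside prefix per site) together
with DNS answers that use the translated addresses makes it work.
All addresses, names and routing tables here are constructed."""
import ipaddress

SITE_A_LAN = ipaddress.ip_network("10.10.10.0/24")
SITE_B_LAN = ipaddress.ip_network("10.10.10.0/24")      # same prefix as A: the problem
SITE_A_OUTSIDE = ipaddress.ip_network("172.21.1.0/24")  # how site A appears to site B (tweety's range)
SITE_B_OUTSIDE = ipaddress.ip_network("172.22.1.0/24")  # how site B appears to site A (assumed)


def lookup(routes, dst):
    """Longest-prefix match over (network, interface) pairs.
    Returns every route tying for the longest match: one entry is a usable
    forwarding decision, two or more means the router cannot decide."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if dst in net]
    if not matches:
        return []
    best = max(net.prefixlen for net, _ in matches)
    return [(net, hop) for net, hop in matches if net.prefixlen == best]


def translate(addr, from_net, to_net):
    """Static network NAT: keep the host bits, swap the network prefix
    (the behaviour of a 'translate 172.21.1.0/24 to 10.10.10.0/24' rule)."""
    if from_net.prefixlen != to_net.prefixlen:
        raise ValueError("network NAT needs equal-length prefixes")
    a = ipaddress.ip_address(str(addr))
    if a not in from_net:
        raise ValueError(f"{a} is not in {from_net}")
    host_bits = int(a) - int(from_net.network_address)
    return ipaddress.ip_address(int(to_net.network_address) + host_bits)


def ambiguous_routes():
    """Site B's table if the tunnel simply advertised site A's real LAN:
    the local LAN and the tunnel tie, so nothing is decidable."""
    routes = [(SITE_B_LAN, "lan"), (SITE_A_LAN, "tunnel0")]
    return lookup(routes, "10.10.10.10")


def cross_site_flow(client_b="10.10.10.25"):
    """A site B client reaching Server A, with DNS handing out the
    translated address and NAT applied at both tunnel ends."""
    # Site B's name server answers with Server A's *outside* address
    dns_b = {"servera.example.test": "172.21.1.10"}
    dst = dns_b["servera.example.test"]

    # Site B routing: local LAN vs. site A's outside prefix, no overlap now
    routes_b = [(SITE_B_LAN, "lan"), (SITE_A_OUTSIDE, "tunnel0")]
    (_, egress), = lookup(routes_b, dst)

    # Outbound NAT at site B: the client must appear as a non-10.10.10.x
    # address, otherwise site A would treat the reply as local traffic
    src_on_tunnel = translate(client_b, SITE_B_LAN, SITE_B_OUTSIDE)

    # Inbound NAT at site A: 172.21.1.10 becomes the real server address
    dst_at_a = translate(dst, SITE_A_OUTSIDE, SITE_A_LAN)

    # Reply path: site A routes to site B's outside prefix, site B undoes NAT
    routes_a = [(SITE_A_LAN, "lan"), (SITE_B_OUTSIDE, "tunnel0")]
    (_, reply_egress), = lookup(routes_a, str(src_on_tunnel))
    reply_dst_at_b = translate(src_on_tunnel, SITE_B_OUTSIDE, SITE_B_LAN)

    return {
        "egress": egress,
        "src_on_tunnel": str(src_on_tunnel),
        "dst_at_a": str(dst_at_a),
        "reply_egress": reply_egress,
        "reply_dst_at_b": str(reply_dst_at_b),
    }


if __name__ == "__main__":
    print("overlapping prefixes, tied routes:", ambiguous_routes())
    print("with twice NAT and DNS:", cross_site_flow())
```

The model makes the side effect Uli Link mentions visible: every packet crossing the tunnel carries translated addresses in both the source and destination fields, so any protocol that embeds IP addresses in its payload or compares them against certificates will see the outside addresses, not the real ones.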

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.