Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 1 subscriber
  • Views 21006 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Same subnets in a vpn ipsec

papali
Hi, there is a way I can connect through a vpn ipsec 2 subnets from 2 offices with the same ip address network (192.168.100.0/24) without resorting to nat or double nat??

In the attached image the idea would be that the server TELECAMERA (192.168.100.10) connects to the IP camera 192.168.100.11.

Thanks.


This thread was automatically locked due to age.
Parents
  • 0
    Hi,

    1. yes, and there's a high risk of IP conflicts.

    2. RED is Sophos-only. You still have a risk of IP conflicts unless you use the Sophos DHCP services on both ends.

    Barry
  • 0 in reply to BarryG
    In the past (around V8), I have made communication succeed at site-to-site SSLVPN  in our lab.

    When it's a couple of IPs, I think it can.
    The setting by this way is complex.

    UTM-A
    Add in Additional Addresses
    192.168.200.a/24
    192.168.100.11/32

    UTM-B
    Add in Additional Addresses
    192.168.201.b/24
    192.168.100.10/32

    VPN tunnel
    192.168.200.0/24  --- 192.168.201.0/24

    UTM-B
    FULL NAT
    Matching Condition
    For traffic from:192.168.100.11
    Going to:192.168.100.10
    Action
    Change the destination to:192.168.200.a
    Change the source to:192.168.201.b

    UTM-A
    FULL NAT
    Matching Condition
    For traffic from:192.168.201.b
    Going to:192.168.200.a
    Action
    Change the destination to:192.168.100.10
    Change the source to:192.168.100.11

    When doing setting above-mentioned, you'd be able to access 192.168.100.10 from 192.168.100.11.
    Maybe it works in IPSecVPN when Strict Routing is disable.
  • 0 in reply to YasunoriMatsuo
    Hi yasu, but I think that in the configuration that you propose, the packets destined from 192.168.100.10 to 192.168.100.11 never reach the default gateway and therefore forwarded through the tunnel, since the destination IP (192.168.100.11 ) is in the same subnet (level 2)
Reply
  • 0 in reply to YasunoriMatsuo
    Hi yasu, but I think that in the configuration that you propose, the packets destined from 192.168.100.10 to 192.168.100.11 never reach the default gateway and therefore forwarded through the tunnel, since the destination IP (192.168.100.11 ) is in the same subnet (level 2)
Children
No Data
Unfiltered HTML