[vpn] Site-to-site VPNs to same networks

Natasha Smith natasha at espace.net
Wed Jul 10 19:52:19 EDT 2002


Q8 in the FAQ touches on this slightly, but generally I don't think
the FAQ addresses this.

The original idea was that this situation would exist -- the example
was one of the ANX problems -- Bob Moskowitz used to tell us that
Chrysler used 10.x.x.x addresses to talk to Isuzu in the same address range.

The answer, hopefully, was that the VPN gateway did NAT also.  So
the packets would be NAT-translated "at each end of the VPN tunnel".
So, as a user, the trick would be to obtain two VPN gateways that
had NAT properly integrated.  Then, you'd configure each end to
"talk to the public-equivalent address of the other end".

The VPNC web site probably doesn't address this -- specifically, use
or type of use of NAT is not listed in the features page.

At 08:08 PM 7/10/02 +0000, Tina Bird wrote:
>The way I read Siddhartha's message, he is concerned that the >internal<
>networks are addressed out of the same range.  If that's the case, the use
>of the external address isn't going to fix things -- because there's no
>way to do the routing.  Remember that the local system has to know to send
>traffic destined for the remote private network to the VPN gateway.  If
>both the local and remote LANs are addressed from, say,
>192.168.16.0/24, there's no way to route.
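
Added example, not part of the original post or of any gateway product: a Python model of the two points in this thread, that a host never hands traffic for its own range to the VPN gateway, and that 1:1 NAT at each end of the tunnel lets two sites with the same range talk through alias addresses. The alias ranges 10.200.1.0/24 and 10.200.2.0/24 and all function names are assumptions made for the illustration.

```python
import ipaddress as ip

# Constructed addressing: both LANs use the range from the quoted message;
# the alias ranges are assumptions chosen for this example.
LAN = ip.ip_network("192.168.16.0/24")
ALIAS_A = ip.ip_network("10.200.1.0/24")   # how site B sees site A
ALIAS_B = ip.ip_network("10.200.2.0/24")   # how site A sees site B


def next_hop(local_lan, dst):
    """Host routing decision: on-link delivery or hand to the VPN gateway."""
    return "on-link" if ip.ip_address(dst) in local_lan else "vpn-gateway"


def netmap(addr, from_net, to_net):
    """1:1 prefix translation that keeps the host bits unchanged."""
    addr = ip.ip_address(addr)
    if from_net.prefixlen != to_net.prefixlen:
        raise ValueError("prefix lengths must match for 1:1 mapping")
    if addr not in from_net:
        raise ValueError(f"{addr} is not in {from_net}")
    host_bits = int(addr) - int(from_net.network_address)
    return str(to_net.network_address + host_bits)


def egress(pkt, real, alias):
    """Sending gateway: rewrite the source from the real LAN to its alias."""
    src, dst = pkt
    return (netmap(src, real, alias), dst)


def ingress(pkt, real, alias):
    """Receiving gateway: rewrite the destination from its alias to the real LAN."""
    src, dst = pkt
    return (src, netmap(dst, alias, real))


def a_to_b(src_host, dst_alias):
    """Follow one packet from site A to site B; returns (in_tunnel, delivered)."""
    if next_hop(LAN, dst_alias) != "vpn-gateway":
        raise ValueError("destination is on-link; it never reaches the gateway")
    in_tunnel = egress((src_host, dst_alias), LAN, ALIAS_A)
    delivered = ingress(in_tunnel, LAN, ALIAS_B)
    return in_tunnel, delivered


if __name__ == "__main__":
    print(next_hop(LAN, "192.168.16.20"))         # remote host's real address
    print(a_to_b("192.168.16.10", "10.200.2.20"))  # remote host's alias
```

Inside the tunnel neither real range appears, so each side can route the other's alias normally; replies take the same path with the roles of the two gateways swapped.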

