[VPN] Re: fw1 site to site vpn subnet conflict

[Ken Livingston]

I take it that it would be too much to change either your private network
subnet or the subnet on the other end which conflicts with yours?  I think
that's going to be the only thing you can do in this case.  If the
individual devices on the remote end don't need access to the rest of their
network, you can try changing their default gateway to the IP address of
the VPN endpoint on the remote side and that should allow their traffic to
pass through the VPN correctly, but they won't be able to access the other
network subnets on their own side.

Maybe someone else have other ideas but I think you'll have to change one
side or the other in order to make this work properly.

Undrhil

----- Original Message ----- 
From: "zoe" <zmmay at hotmail.com>
To: <vpn at lists.shmoo.com>
Sent: Wednesday, August 30, 2006 11:30 AM
Subject: [VPN] fw1 site to site vpn subnet conflict


> Hi
>
> I have a site to site vpn with a client (fw1 at each end). I only have
one
> private subnet behind my firewall but my client has many and
> one of these conflicts with mine.
> Initially I only needed this connection to work one way (us --> them) so
I
> put a manual nat rule in place which hide nats my /24 behind
> a different private /24 for connections to the client. This works fine
>
> Now I have been asked to enable inbound traffic to certain hosts from the
> client (them --> us). They can't use the real addresses of my
> hosts as they would be routed to their own network. Any suggestions on
how
> this can be done (if at all)? I have tried a few things including adding
> static nat inbound to the few hosts they need to access but have had no
> success. I can post more config if anyone thinks they can help
>
> Thanks
>
> Zoe
>
>
>
>
>
>


---------------------------------------------------------------------------
-----


> _______________________________________________
> VPN mailing list
> VPN at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/vpn