VPN ISSUE.

My LAN IP range is , 10.200.0.0 / 16
I have Cisco 2811 Integrated Service Router which I configured for VPN connections.
When a User connects, he gets the IP from the range 10.201.0.0 / 16  ( This is what I gave in Pool )
I have a couple of Servers, One is running HP-UX , the other Windows.
IP Address for these Servers are 10.200.12.1  ,  10.200.12.3   respectively ( Mask is same 16 )

I have created Appropriate ACLs to allow VPN Users to connect these Servers.
Users are able to access the Servers with out any problem.
----------------------------------------------------------------------------------------

Now let me explain the Requirement ...  I have bought a Software from one company, which they need to access the above mentioned Servers from their Office to configure those remotely.
I have given them VPN access to connect our Network. But the problem is , Their LAN is also from the same Range 10.200.0.0 / 16  ( My bad luck ) ...  
So, they are not able to connect our Servers with VPN.

What should I do to allow them to access my Servers.  ?

Any help will be much appreciated.

Manu
LVL 7
manu4uAsked:
Who is Participating?
 
rsivanandanConnect With a Mentor Commented:
It should be possible.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html#anchor10

The link above shows some of the nat configurations. Take a look and see if you get what you want.

Cheers,
Rajesh
0
 
Andres PeralesCommented:
The only thing that I can think of is that someone may have to change their subnet...or you allow access to them via the internet...
0
 
manu4uAuthor Commented:
What I am thinking is ,

Can I make use of  natting , for example,

192.168.240.100  , is natted to  one of my Server 10.200.12.1

I mean, from the Remote Company, After connected to our Network with VPN Client,    they should be able to  use VNC to connect  IP 192.168.240.100  , and my Router identifies it and Nat it to our Internal Server IP.

Is it possible? ..
0
Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

 
Andres PeralesCommented:
hmmm that might rock in essence you would be double natting...
0
 
manu4uAuthor Commented:
Unfortunately there is no way I can change the Subnet either side.
I am still looking for any useful comments / reply
0
 
manu4uAuthor Commented:
While searching for a solution to this issue, I found the following thread,

http://www.experts-exchange.com/Networking/Broadband/VPN/Q_22103656.html 

and it seems an impossible task which I am facing.

Can Irmoore / Robwill or  Rajesh  can confirm that it is impossible ? ...

Waiting for your confirmation experts
Manu
0
 
manu4uAuthor Commented:
Thanks Rajesh ,

I just figured out that NATTing can do the job, I did the following,

ip nat inside source static network 10.200.0.67 192.168.240.100 /32 route-map SDM_RMAP_2
ip nat inside source static network 10.200.12.27 192.168.240.101 /32 route-map SDM_RMAP_3
ip nat inside source static network 10.200.12.53 192.168.240.102 /32 route-map SDM_RMAP_5
ip nat inside source static network 10.200.12.54 192.168.240.103 /32 route-map SDM_RMAP_7
ip nat inside source static network 10.200.12.28 192.168.240.104 /32 route-map SDM_RMAP_9
ip nat inside source static network 10.200.12.29 192.168.240.105 /32 route-map SDM_RMAP_11

And it worked like a charm .....

Thanks to everyone,
Manu
0
All Courses

From novice to tech pro — start learning today.