manu4u
asked on
VPN ISSUE.
My LAN IP range is , 10.200.0.0 / 16
I have Cisco 2811 Integrated Service Router which I configured for VPN connections.
When a User connects, he gets the IP from the range 10.201.0.0 / 16 ( This is what I gave in Pool )
I have a couple of Servers, One is running HP-UX , the other Windows.
IP Address for these Servers are 10.200.12.1 , 10.200.12.3 respectively ( Mask is same 16 )
I have created Appropriate ACLs to allow VPN Users to connect these Servers.
Users are able to access the Servers with out any problem.
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- --
Now let me explain the Requirement ... I have bought a Software from one company, which they need to access the above mentioned Servers from their Office to configure those remotely.
I have given them VPN access to connect our Network. But the problem is , Their LAN is also from the same Range 10.200.0.0 / 16 ( My bad luck ) ...
So, they are not able to connect our Servers with VPN.
What should I do to allow them to access my Servers. ?
Any help will be much appreciated.
Manu
I have Cisco 2811 Integrated Service Router which I configured for VPN connections.
When a User connects, he gets the IP from the range 10.201.0.0 / 16 ( This is what I gave in Pool )
I have a couple of Servers, One is running HP-UX , the other Windows.
IP Address for these Servers are 10.200.12.1 , 10.200.12.3 respectively ( Mask is same 16 )
I have created Appropriate ACLs to allow VPN Users to connect these Servers.
Users are able to access the Servers with out any problem.
--------------------------
Now let me explain the Requirement ... I have bought a Software from one company, which they need to access the above mentioned Servers from their Office to configure those remotely.
I have given them VPN access to connect our Network. But the problem is , Their LAN is also from the same Range 10.200.0.0 / 16 ( My bad luck ) ...
So, they are not able to connect our Servers with VPN.
What should I do to allow them to access my Servers. ?
Any help will be much appreciated.
Manu
The only thing that I can think of is that someone may have to change their subnet...or you allow access to them via the internet...
ASKER
What I am thinking is ,
Can I make use of natting , for example,
192.168.240.100 , is natted to one of my Server 10.200.12.1
I mean, from the Remote Company, After connected to our Network with VPN Client, they should be able to use VNC to connect IP 192.168.240.100 , and my Router identifies it and Nat it to our Internal Server IP.
Is it possible? ..
Can I make use of natting , for example,
192.168.240.100 , is natted to one of my Server 10.200.12.1
I mean, from the Remote Company, After connected to our Network with VPN Client, they should be able to use VNC to connect IP 192.168.240.100 , and my Router identifies it and Nat it to our Internal Server IP.
Is it possible? ..
hmmm that might rock in essence you would be double natting...
ASKER
Unfortunately there is no way I can change the Subnet either side.
I am still looking for any useful comments / reply
I am still looking for any useful comments / reply
ASKER
While searching for a solution to this issue, I found the following thread,
https://www.experts-exchange.com/questions/22103656/VPN-to-remote-network-on-same-subnet-as-local-network.html
and it seems an impossible task which I am facing.
Can Irmoore / Robwill or Rajesh can confirm that it is impossible ? ...
Waiting for your confirmation experts
Manu
https://www.experts-exchange.com/questions/22103656/VPN-to-remote-network-on-same-subnet-as-local-network.html
and it seems an impossible task which I am facing.
Can Irmoore / Robwill or Rajesh can confirm that it is impossible ? ...
Waiting for your confirmation experts
Manu
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Rajesh ,
I just figured out that NATTing can do the job, I did the following,
ip nat inside source static network 10.200.0.67 192.168.240.100 /32 route-map SDM_RMAP_2
ip nat inside source static network 10.200.12.27 192.168.240.101 /32 route-map SDM_RMAP_3
ip nat inside source static network 10.200.12.53 192.168.240.102 /32 route-map SDM_RMAP_5
ip nat inside source static network 10.200.12.54 192.168.240.103 /32 route-map SDM_RMAP_7
ip nat inside source static network 10.200.12.28 192.168.240.104 /32 route-map SDM_RMAP_9
ip nat inside source static network 10.200.12.29 192.168.240.105 /32 route-map SDM_RMAP_11
And it worked like a charm .....
Thanks to everyone,
Manu
I just figured out that NATTing can do the job, I did the following,
ip nat inside source static network 10.200.0.67 192.168.240.100 /32 route-map SDM_RMAP_2
ip nat inside source static network 10.200.12.27 192.168.240.101 /32 route-map SDM_RMAP_3
ip nat inside source static network 10.200.12.53 192.168.240.102 /32 route-map SDM_RMAP_5
ip nat inside source static network 10.200.12.54 192.168.240.103 /32 route-map SDM_RMAP_7
ip nat inside source static network 10.200.12.28 192.168.240.104 /32 route-map SDM_RMAP_9
ip nat inside source static network 10.200.12.29 192.168.240.105 /32 route-map SDM_RMAP_11
And it worked like a charm .....
Thanks to everyone,
Manu