Solved

VPN ISSUE.

Posted on 2008-06-18
7
842 Views
Last Modified: 2008-06-18
My LAN IP range is , 10.200.0.0 / 16
I have Cisco 2811 Integrated Service Router which I configured for VPN connections.
When a User connects, he gets the IP from the range 10.201.0.0 / 16  ( This is what I gave in Pool )
I have a couple of Servers, One is running HP-UX , the other Windows.
IP Address for these Servers are 10.200.12.1  ,  10.200.12.3   respectively ( Mask is same 16 )

I have created Appropriate ACLs to allow VPN Users to connect these Servers.
Users are able to access the Servers with out any problem.
----------------------------------------------------------------------------------------

Now let me explain the Requirement ...  I have bought a Software from one company, which they need to access the above mentioned Servers from their Office to configure those remotely.
I have given them VPN access to connect our Network. But the problem is , Their LAN is also from the same Range 10.200.0.0 / 16  ( My bad luck ) ...  
So, they are not able to connect our Servers with VPN.

What should I do to allow them to access my Servers.  ?

Any help will be much appreciated.

Manu
0
Comment
Question by:manu4u
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 17

Expert Comment

by:Andres Perales
ID: 21814917
The only thing that I can think of is that someone may have to change their subnet...or you allow access to them via the internet...
0
 
LVL 7

Author Comment

by:manu4u
ID: 21814961
What I am thinking is ,

Can I make use of  natting , for example,

192.168.240.100  , is natted to  one of my Server 10.200.12.1

I mean, from the Remote Company, After connected to our Network with VPN Client,    they should be able to  use VNC to connect  IP 192.168.240.100  , and my Router identifies it and Nat it to our Internal Server IP.

Is it possible? ..
0
 
LVL 17

Expert Comment

by:Andres Perales
ID: 21815027
hmmm that might rock in essence you would be double natting...
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 7

Author Comment

by:manu4u
ID: 21819325
Unfortunately there is no way I can change the Subnet either side.
I am still looking for any useful comments / reply
0
 
LVL 7

Author Comment

by:manu4u
ID: 21819467
While searching for a solution to this issue, I found the following thread,

http://www.experts-exchange.com/Networking/Broadband/VPN/Q_22103656.html 

and it seems an impossible task which I am facing.

Can Irmoore / Robwill or  Rajesh  can confirm that it is impossible ? ...

Waiting for your confirmation experts
Manu
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 500 total points
ID: 21819613
It should be possible.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/prod_configuration_examples_list.html#anchor10

The link above shows some of the nat configurations. Take a look and see if you get what you want.

Cheers,
Rajesh
0
 
LVL 7

Author Comment

by:manu4u
ID: 21819718
Thanks Rajesh ,

I just figured out that NATTing can do the job, I did the following,

ip nat inside source static network 10.200.0.67 192.168.240.100 /32 route-map SDM_RMAP_2
ip nat inside source static network 10.200.12.27 192.168.240.101 /32 route-map SDM_RMAP_3
ip nat inside source static network 10.200.12.53 192.168.240.102 /32 route-map SDM_RMAP_5
ip nat inside source static network 10.200.12.54 192.168.240.103 /32 route-map SDM_RMAP_7
ip nat inside source static network 10.200.12.28 192.168.240.104 /32 route-map SDM_RMAP_9
ip nat inside source static network 10.200.12.29 192.168.240.105 /32 route-map SDM_RMAP_11

And it worked like a charm .....

Thanks to everyone,
Manu
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses
Course of the Month9 days, 5 hours left to enroll

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question