anamops
asked on
Checkpoint site to site vpn overlapping subnet
I am trying to create a site to site vpn with a 3rd party firewall. The main problem is that my encryption domain is configured as 172.16.0.0/16 and the 3rd party's is 172.16.56.0/25 (so there is an overlap). However, in actuality our encryption domain is actually only using 172.16.0.0/24 ip addresses. I can't adjust my encryption domain subnet as there are over 15 site to site vpns configured and this would impact those vpns.
How can I configure a site to site vpn given that our subnets overlap? I found some documentation regarding making changes to my Checkpoint R62 user.def.NGCMP file (subnet per peer and subnet per range etc) but it seems a bit vague. Does anyone have suggestions on configuring this outside of changing my encryption domain which is not an option?
Thanks
You can try and get the remote site to change their domain by doing a NAT to another IP range.
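As an added example (not part of the original thread), this Python sketch checks the overlap described in the question and screens a translated range for the NAT approach suggested above. The candidate NAT ranges are constructed sample values, and the same-size requirement assumes one-to-one static NAT.

```python
import ipaddress


def analyze_overlap(local_domain, in_use, peer_domain):
    """Compare the configured local encryption domain, the part of it that is
    really in use, and the peer's encryption domain."""
    local = ipaddress.ip_network(local_domain)
    used = ipaddress.ip_network(in_use)
    peer = ipaddress.ip_network(peer_domain)
    result = {
        "domains_overlap": local.overlaps(peer),    # what the gateways see
        "in_use_conflicts": used.overlaps(peer),    # whether real hosts collide
        "peer_inside_local": peer.subnet_of(local),
        "local_minus_peer": [],
    }
    if result["peer_inside_local"] and peer != local:
        # Networks that cover the local domain with the peer's range carved out.
        result["local_minus_peer"] = sorted(local.address_exclude(peer))
    return result


def nat_range_usable(candidate, peer_domain, local_domains):
    """True if the peer could present itself as `candidate` instead of its
    real range. Assumption: one-to-one static NAT, so sizes must match."""
    cand = ipaddress.ip_network(candidate)
    peer = ipaddress.ip_network(peer_domain)
    if cand.prefixlen != peer.prefixlen:
        return False
    return not any(cand.overlaps(ipaddress.ip_network(d)) for d in local_domains)


if __name__ == "__main__":
    # Ranges taken from the question.
    report = analyze_overlap("172.16.0.0/16", "172.16.0.0/24", "172.16.56.0/25")
    print("configured domains overlap:", report["domains_overlap"])
    print("in-use hosts conflict:     ", report["in_use_conflicts"])
    for net in report["local_minus_peer"]:
        print("  remaining local network:", net)
    # Constructed candidate ranges for the peer's translated addresses.
    for cand in ("192.168.56.0/25", "172.16.200.0/25"):
        ok = nat_range_usable(cand, "172.16.56.0/25", ["172.16.0.0/16"])
        print(cand, "usable as peer NAT range:", ok)
```

The output shows that the conflict exists only between the configured domains: the addresses actually in use (172.16.0.0/24) do not collide with the peer's 172.16.56.0/25.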