?
Solved

create a vpn connections when both sides have same network addressing

Posted on 2010-11-08
18
Medium Priority
?
494 Views
Last Modified: 2012-05-10
I have to create a VPN between 2 sites but they both have the same internal ip scheme of 192.169.0XX
I believe I have to do NAT but I need step by step instuructions on how to do this.
Thanks
0
Comment
Question by:kcassone
  • 5
  • 3
  • 3
  • +3
16 Comments
 
LVL 23

Expert Comment

by:jakethecatuk
ID: 34087935
if they are on the same IP address range, then you will really struggle.

if you have a device at each location with an IP of 192.168.0.1 how will the VPN tunnel know which device you want?

don't think you're going to be able to solve this one without changing the range of one site.
0
 

Author Comment

by:kcassone
ID: 34087964
There must be way to do this!
0
 
LVL 23

Expert Comment

by:jakethecatuk
ID: 34088019
a lot will depend on what you are using to establish the VPN link.

what hardware do you have?
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
LVL 15

Expert Comment

by:JBond2010
ID: 34088045
This is not the best to do it. Why not change the ip schema on either site? Technically this could prove very cumbersome. When PCs are sending and receiving packets your router performs what is known as bitwise, where is compare the ip host address and the subnet to decide if the packet is destined internally or an external network. I can't see how this can be achieved when both networks are using the same ip schema.
0
 
LVL 7

Expert Comment

by:compaqus
ID: 34088104
Your host will not ask your default gw if the address you are looking for is on the same subnet as yourself.

http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/VPN/Q_23024107.html
0
 
LVL 7

Expert Comment

by:compaqus
ID: 34088140
Maybe a peer to peer route? And static IP-s on both networks...
0
 

Author Comment

by:kcassone
ID: 34088247
We need to keep information separate.
0
 
LVL 23

Expert Comment

by:jakethecatuk
ID: 34088259
if you have to keep the information seperate, why the need for the VPN?

again - what hardare are you using to establish the VPN?
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34088269
This is not going to work for you. I have explained to you in my previous comment why the network id's have to be different.
0
 

Author Comment

by:kcassone
ID: 34088310
For backups

We are using netvanta 3200 and
Netgear fvs318
0
 
LVL 23

Accepted Solution

by:
jakethecatuk earned 1000 total points
ID: 34088381
[quote from my first post]don't think you're going to be able to solve this one without changing the range of one site.[end quote]

guess what - you can't do it with your current config.
0
 
LVL 33

Assisted Solution

by:digitap
digitap earned 1000 total points
ID: 34088449
jake's got it.  i've researched this before and the netgear fvs318 will not perform NAT over VPN.  also, with a cursory glance at the specs on the netvanta, it doesn't look like it will either.

NAT over VPN is possible as I've done it with Sonicwall hardware many times.  As indicated already, the best option is to change the IP network so the two sites don't have the same IP subnet.  However, this isn't always an option.
0
 
LVL 33

Expert Comment

by:digitap
ID: 34293425
@kcassone :: i'm sorry you weren't able to find the answer you were seeking here.  unfortunately, the hardware you have is limiting your abilities to perform a VPN with identical subnets.  this was pointed out by myself (http:#a34088449) and jake (http:#a34088381).  although not a desireable solution, it is still a solution and points should be awared accrodingly.  two options exist:

all points going to jake for his solution here: http:#a34088381
split between myself (http:#a34088449) and jake (http:#a34088381)

i suppose there is a third option, which is to have the question deleted, but that would be up to a moderator.
0
 
LVL 33

Expert Comment

by:digitap
ID: 34298494
the author's hardware doesn't support what they are requesting.  my solution and jake's solution point this out.  i'm proposing a point split:

Jake's as the solution: http:#a34088381
Mine as assisted solution: http:#a34088449
0
 
LVL 23

Expert Comment

by:jakethecatuk
ID: 34299042
I agree with digitap
0
 

Expert Comment

by:thermoduric
ID: 34367578
I am restarting the auto-close procedure on behalf of the question asker. After Moderator review, the new disposition seems to be more appropriate to the outcome of this question.

- thermoduric -
EE Community Support Moderator
http://www.experts-exchange.com/Q_26663260.html

0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question