Solved

Best practices for integrating recent acquisition into existing IP network

Posted on 2013-06-10
Last Modified: 2013-06-13
The company I work for purchased another company that already had (5) sites around the country.
The new company currently uses an ENLAN IP backbone for Layer 2 between the (5) sites. My goal is to incorporate them onto our existing AVPN network and make them an end node, the same as the other (8) sites already on my network.

We have several overlapping IP subnets. The new company stated they would possibly re-IP some of those. So that is good. Some of their IP schemes would be difficult to re-IP, especially their data center.

I know NATing can be employed, but I am not sure where that actually occurs. Is this done on their new AVPN router?

I am looking for a project template with proven steps to guide me through this design.
Current-ENLAN-network-diagram-of.docx
Design-project-PROPOSED-AVPN-net.pdf
Question by:s_coad5
2 Comments
Accepted Solution

by:
Cyclops3590 earned 500 total points
ID: 39237956
Yes, whatever the gateway device is that you are going to use to connect them to AVPN. And you only need to policy NAT for the overlapping areas. And you'll need to do the policy NAT in reverse on the other side.

Quick example:

site a (10.1.1.0/24)  <----site to site vpn--->  site b (10.1.1.0/24)

Obviously they can't communicate, so you configure site a to treat site b like its IP subnet is 10.1.3.0/24, and site b is configured to look at site a as 10.1.2.0/24.

This will work for most things. Where the problem comes into being is the same as anything where NAT is involved. If packets get authenticated by the applications (e.g. Active Directory, it looks like), then you have problems.

But there is no reason you can't get it working using policy NAT. You just need to virtually re-IP using policy NAT. Then when you're far enough along that you can do the re-IP (and you will have to do a rip and replace), you can just rip out the policy NAT part of the config and treat it as any other VPN config.
0
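The address mapping described in the accepted answer, modelled in Python as an added example that is not part of the original thread: it finds which subnets collide (the only ones that need policy NAT) and traces a packet and its reply through both gateways. The function names and the inventory lists are assumptions made for illustration; the 10.1.1.0/24, 10.1.2.0/24 and 10.1.3.0/24 ranges are the ones from the answer.

```python
import ipaddress

def overlapping(existing, acquired):
    """Pairs of (existing, acquired) subnets that collide and need policy NAT."""
    pairs = []
    for e in map(ipaddress.ip_network, existing):
        for a in map(ipaddress.ip_network, acquired):
            if e.overlaps(a):
                pairs.append((str(e), str(a)))
    return pairs

def netmap(addr, frm, to):
    """1:1 prefix translation: keep the host bits, swap the network bits."""
    addr = ipaddress.ip_address(addr)
    frm, to = ipaddress.ip_network(frm), ipaddress.ip_network(to)
    if frm.prefixlen != to.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    if addr not in frm:
        return str(addr)  # not covered by the policy: left untouched
    return str(to.network_address + (int(addr) - int(frm.network_address)))

# Ranges from the answer: both sites really use 10.1.1.0/24.
REAL = "10.1.1.0/24"
A_SEEN_BY_B = "10.1.2.0/24"   # how site b is told to address site a
B_SEEN_BY_A = "10.1.3.0/24"   # how site a is told to address site b

def a_to_b(src, dst):
    """Site a host -> site b host; returns (src, dst) as delivered at site b."""
    src = netmap(src, REAL, A_SEEN_BY_B)   # site a gateway rewrites the source
    dst = netmap(dst, B_SEEN_BY_A, REAL)   # site b gateway applies the reverse policy
    return src, dst

def b_reply(src, dst):
    """Reply from the site b host; returns (src, dst) as delivered at site a."""
    src = netmap(src, REAL, B_SEEN_BY_A)   # site b gateway rewrites the source
    dst = netmap(dst, A_SEEN_BY_B, REAL)   # site a gateway restores the real host
    return src, dst

if __name__ == "__main__":
    # Constructed inventory, not taken from the thread's attachments.
    existing = ["10.1.1.0/24", "10.20.0.0/16"]
    acquired = ["10.1.1.0/24", "10.20.5.0/24", "192.168.50.0/24"]
    print("need policy NAT:", overlapping(existing, acquired))
    print("a -> b delivered as:", a_to_b("10.1.1.10", "10.1.3.20"))
    print("reply delivered as: ", b_reply("10.1.1.20", "10.1.2.10"))
```

Each host only ever sees the peer's virtual address, so firewall rules, logs and any application that records or validates the peer IP must be written against the translated ranges until the real re-IP is done.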
 

Author Closing Comment

by:s_coad5
ID: 39244485
Thank you