Sonicwall: Trying to configure multiple matching remote LAN subnets

Hello,

We connect to over 100 site to site VPNs at this time. Every one of the remote sites currently has a unique LAN subnet.

So many new clients all have a 192.168.1.0 subnet etc on their side and we cannot figure out a way to allow them to keep those subnets since we already have matching ones on our side in use from remote companies, etc.

There has to be a way to do this with a device that allows 4000 site to site VPNs.

All we can find are ways to NAT in the event our subnet is the same as the remote we are trying to connect to.

Thanks.
mitchfarmer Asked:

bas2754 Commented:
Unfortunately the NAT route is the way to do it. The way that traffic is selected it matches source and destination traffic. Kind of exciting to set up, but I have done it between Check Point and an ASA and after a few wrong check boxes being corrected it works brilliantly. Somewhere the traffic has to be NAT'd so there are unique selectors for it.
0
mitchfarmer Author Commented:
bas2754:

I understand that if our subnet was the same as a remote's. That is not the issue. Let me try again.

Our LAN is 10.0.199.0/24 and we have ONE site to site VPN already set up and running for a remote LAN at 192.168.1.0/24

And we have 10000 more potential customers also on 192.168.1.0/24 and we are telling them now that we cannot do a site to site VPN with them unless they change their subnet to something we have not used yet.

Thanks.
0
bas2754 Commented:
The same applies. We have a client with a vendor that has a VPN connection between them. The client's subnet is 192.168.3.X/24. This subnet is the same as another client the vendor works with. We had to NAT the client's subnet to a different IP in our ASA so that we could set up the VPN. Both sides of the tunnel have to have a unique traffic selection. There is no way for two VPNs on the same device to have the same source and destination selections.

Now you could get creative with using multiple subnets, or if you only need to communicate from a single device on your network with their network or vice versa, then you could limit traffic to just that single IP for one client and then add a secondary IP to your single device and use that for another client.

Bottom line is somewhere on one side of the VPN you are going to have to NAT the traffic. I mostly see this NAT done on the side of the VPN that has the duplicate network (i.e. the client in your case). But running into this early in my IT days is why we try to set all our clients to different IP schemes internally. Very few have the 192.168.1 or .2 schemes.
1
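
The selector collision described in the answer above, and the per-tunnel 1:1 NAT that resolves it, worked through as an added example (not code from the thread or from any vendor). The local LAN 10.0.199.0/24 is from the question; the customer names and the 172.20.0.0/16 translation pool are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: the local LAN is from the thread, customer names are hypothetical.
LOCAL_LAN = ipaddress.ip_network("10.0.199.0/24")
SITES = [
    ("customer-a", "192.168.1.0/24"),
    ("customer-b", "192.168.1.0/24"),
    ("customer-c", "192.168.3.0/24"),
    ("customer-d", "192.168.1.0/24"),
]
# Assumed pool of unused address space from which translated subnets are carved.
NAT_POOL = ipaddress.ip_network("172.20.0.0/16")


def plan_selectors(sites, local_lan=LOCAL_LAN, pool=NAT_POOL):
    """Return {site: (real_net, presented_net)} with no overlapping presented nets."""
    used = [local_lan]  # networks already claimed as selectors on our device
    plan = {}
    for name, cidr in sites:
        real = ipaddress.ip_network(cidr)
        presented = real
        if any(real.overlaps(u) for u in used):
            # Collision: take the first same-sized block in the pool that is still free.
            presented = next(
                c for c in pool.subnets(new_prefix=real.prefixlen)
                if not any(c.overlaps(u) for u in used)
            )
        used.append(presented)
        plan[name] = (real, presented)
    return plan


def translate(host, real, presented):
    """1:1 NAT: keep the host offset, swap the network part."""
    offset = int(ipaddress.ip_address(host)) - int(real.network_address)
    if not 0 <= offset < real.num_addresses:
        raise ValueError(f"{host} is not inside {real}")
    return ipaddress.ip_address(int(presented.network_address) + offset)


if __name__ == "__main__":
    for site, (real, presented) in plan_selectors(SITES).items():
        nat = "no NAT" if real == presented else f"NAT, .10 -> {translate(str(real[10]), real, presented)}"
        print(f"{site}: {real} seen as {presented} ({nat})")
```

Only the first site to use a given subnet keeps its real addressing; every later duplicate is presented to the local side as a distinct translated block, which is what gives each tunnel a unique source and destination pair.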
