mitchfarmer
asked on
Sonicwall: Trying to configure multiple matching remote LAN subnets
Hello,
We connect to over 100 site to site VPNs at this time. Every one of the remote sites currently has a unique LAN subnet.
So many new clients all have a 192.168.1.0 subnet etc on their side and we cannot figure out a way to allow them to keep those subnets since we already have matching ones on our side in use from remote companies, etc.
There has to be a way to do this with a device that allows 4000 site to site VPNs.
All we can find are ways to NAT in the event our subnet is the same as the remote we are trying to connect to.
Thanks.
Unfortunately the NAT route is the way to do it. The way that traffic is selected it matches source and destination traffic. Kind of exciting to set up, but I have done it between Check Point and an ASA and after a few wrong check boxes being corrected it works brilliantly. Somewhere the traffic has to be NAT'd so there are unique selectors for it.
ASKER
bas2754:
I understand that if our subnet was the same as a remote's. That is not the issue. Let me try again.
Our LAN is 10.0.199.0/24 and we have ONE site to site VPN already set up and running for a remote LAN at 192.168.1.0/24
And we have 10000 more potential customers also on 192.168.1.0/24 and we are telling them now that we cannot do a site to site VPN with them unless they change their subnet to something we have not used yet.
Thanks.
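The point made in the reply above, that each tunnel needs unique selectors, comes down to an address plan: every remote site whose real LAN collides with one already in use is presented as its own translated block with a 1:1 host mapping. The sketch below is an added example, not code from this thread and not SonicWall configuration; the 172.20.0.0/16 translation pool and the customer names are assumptions, and only 10.0.199.0/24 and 192.168.1.0/24 come from the thread.

```python
import ipaddress

LOCAL_LAN = ipaddress.ip_network("10.0.199.0/24")  # our LAN, from the thread
NAT_POOL = ipaddress.ip_network("172.20.0.0/16")   # assumption: unused range set aside for translation

def plan_translations(sites, pool=NAT_POOL, local=LOCAL_LAN):
    """sites: ordered (name, real_cidr) pairs. Returns {name: (real, presented)}.

    A site keeps its real subnet unless it overlaps something already in use;
    then it is presented to us as the next free same-size block from the pool.
    """
    in_use = [local]
    blocks = {}  # prefix length -> iterator over same-size pool blocks
    plan = {}
    for name, cidr in sites:
        real = ipaddress.ip_network(cidr)
        presented = real
        if any(real.overlaps(n) for n in in_use):
            it = blocks.setdefault(real.prefixlen, pool.subnets(new_prefix=real.prefixlen))
            presented = next((b for b in it if not any(b.overlaps(n) for n in in_use)), None)
            if presented is None:
                raise RuntimeError(f"NAT pool {pool} exhausted at {name}")
        in_use.append(presented)
        plan[name] = (real, presented)
    return plan

def translate(addr, real, presented):
    """1:1 NAT: keep the host offset, swap the network part."""
    addr = ipaddress.ip_address(addr)
    if addr not in real:
        raise ValueError(f"{addr} is not in {real}")
    return presented.network_address + (int(addr) - int(real.network_address))

# Constructed sample: three customers on the same LAN, one colliding with ours.
SITES = [("customer-a", "192.168.1.0/24"), ("customer-b", "192.168.1.0/24"),
         ("customer-c", "192.168.1.0/24"), ("customer-d", "10.0.199.0/24")]

if __name__ == "__main__":
    for name, (real, presented) in plan_translations(SITES).items():
        print(f"{name}: real {real} -> selector {presented}")
```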