Rupert Eghardt asked:

Site to Site VPN: How to split subnet

Hi Guys,

We've set up a site-to-site VPN with a SonicWALL TZ400 on both sides.
We would like to use the same IP range and subnet on both sides.

Is it possible to split the subnet to accommodate this scenario?
John

It is always best (over years of experience with this) to have different subnets at each end. Can you accommodate this?  We usually do this for the smaller, less complicated end.
I agree with John.  I would think you would create a routing nightmare.
Rupert Eghardt (ASKER)

Thanks John,

If this is the recommended (best) route, I will adjust accordingly.

Servers are split between sites.  DNS should take care of different networks (IPs)?
Soulja
Different addresses on both ends is ideal, yet since RFC1918 addresses are likely to overlap between many entities, changing addressing is not always, and in many cases not, possible. In this case you will want to either NAT on both sides of the VPN, twice NAT on one end, or NAT your local network to a public address on one end. Thus, there are many solutions to this problem.
How are the IP segments defined on each side? As others pointed out, the IPs have to be unique, distinct.
In the situation where both sides have the same IP segment, you would need to create an IP overlay.
Site A 10.0.0.0/24
Site B 10.0.0.0/24

In the VPN setup
solely for the purpose of the VPN
On each site
Site A to Site B you would define a one-to-one 192.168.0.0/24 => 10.0.0.0/24
Similarly on site B, you would set up 192.168.1.0/24 => 10.0.0.0/24
Translation map
The difficulty in such a setup is that individuals on either side have to use IPs.

As others and your subsequent comment noted, it is best to have distinct IPs at each side, and if these are related branches, DNS replication or use of DNS stub zones would allow access by hostname.
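
The one-to-one translation map described in the last post, worked through as an added example (not part of the original thread and not SonicWALL configuration). The subnets are the ones quoted above; the host addresses and function names are constructed for illustration.

```python
import ipaddress

# Addressing taken from the post above: both sites use 10.0.0.0/24 internally,
# and each is presented across the tunnel as its own 192.168.x.0/24 range.
SITES = {
    "A": {"real": "10.0.0.0/24", "translated": "192.168.0.0/24"},
    "B": {"real": "10.0.0.0/24", "translated": "192.168.1.0/24"},
}


def overlapping_pairs(sites, key):
    """Return site-name pairs whose `key` networks overlap."""
    names = sorted(sites)
    nets = {n: ipaddress.ip_network(sites[n][key]) for n in names}
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def one_to_one(addr, src_net, dst_net):
    """Map addr from src_net to the same host offset in dst_net (1:1 NAT)."""
    src, dst = ipaddress.ip_network(src_net), ipaddress.ip_network(dst_net)
    ip = ipaddress.ip_address(addr)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("1:1 NAT needs equal prefix lengths")
    if ip not in src:
        raise ValueError(f"{ip} is not in {src}")
    return str(dst.network_address + (int(ip) - int(src.network_address)))


def tunnel_view(sites, src_site, src_host, dst_site, dst_host):
    """Source/destination a packet carries inside the tunnel for two real hosts."""
    s, d = sites[src_site], sites[dst_site]
    return (one_to_one(src_host, s["real"], s["translated"]),
            one_to_one(dst_host, d["real"], d["translated"]))


def real_host(sites, site, translated_addr):
    """Reverse mapping applied at the receiving site before delivery."""
    s = sites[site]
    return one_to_one(translated_addr, s["translated"], s["real"])


if __name__ == "__main__":
    print("real overlap:", overlapping_pairs(SITES, "real"))
    print("translated overlap:", overlapping_pairs(SITES, "translated"))
    # Constructed hosts: 10.0.0.7 at Site A talking to 10.0.0.25 at Site B.
    print("in tunnel:", tunnel_view(SITES, "A", "10.0.0.7", "B", "10.0.0.25"))
    print("delivered to:", real_host(SITES, "B", "192.168.1.25"))
```

The translated addresses are the ones that would go into DNS records served to the remote site, which is why users there cannot reach a host by its real 10.0.0.x address.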