How to NAT to avoid IP conflict when using VPN?
-
Hi guys,
I have set up VPN for 3 locations:
Location #1: VPN server
Location #2: networks 192.168.25.0/24 (only 5 servers at this location 192.168.25.2-6)
Location #3: networks 192.168.25.0/24 (only 10 servers at this location 192.168.25.100-109)
I cannot change IP for any server. Is there a way to NAT all 5 IP in location#2, so that my VPN server can access all 15 servers at location#2 and location#3?
Thanks,
-
NAT must be done at location 2 or location 3.
If the colliding subnet was on your side, you could do it, but it would require them to change the IPsec on their end.
You can try a phase 2 to location 2 with a remote network of 192.168.25.0/29 and a phase 2 at location 3 of 192.168.25.96/28.
But if the other side initiates and attempts to establish a P2 for the /24 it will fail. If you initiate and the other side is configured for /24 it might accept it and it might not. If you can get them to change the phase 2 settings to match those netmasks it should work just fine.
-
Hi Derelict,
As I add more locations to the VPN, I find location 4 and location 5 are both using the 192.168.214.0/24 block. Each location has a lot of servers using this IP block. Is there a way to NAT the whole IP block in location 4 to a new IP block, one-to-one IP NAT (for example 192.168.214.99 <–> 10.10.7.99)? The objective is to be able to reach each server at both locations.
Thank you,
-
That's pretty unlucky.
Yes, but the NAT has to be done at that location. For them to talk to each other it has to be done at both locations.
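An added example, not part of this thread, that works through both answers above: it derives the narrowest phase 2 selector that covers each location's server range (giving the /29 and /28 Derelict proposed), checks that the selectors do not overlap, and does the one-to-one mapping asked about for location 4 using the 10.10.7.0/24 block from the question.

```python
import ipaddress

def covering_prefix(first, last):
    """Smallest single CIDR prefix containing every address from first to last.
    This is the phase 2 selector to use instead of the colliding /24."""
    nets = list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))
    net = nets[0]
    # Widen the first block until all pieces of the range fit inside it
    while not all(n.subnet_of(net) for n in nets):
        net = net.supernet()
    return net

def selectors_disjoint(selectors):
    """True when no two phase 2 remote networks overlap each other."""
    nets = [ipaddress.ip_network(s) for s in selectors]
    return all(not a.overlaps(b)
               for i, a in enumerate(nets) for b in nets[i + 1:])

def binat(addr, inside, outside):
    """One-to-one NAT: keep the host bits, swap the network part."""
    inside = ipaddress.ip_network(inside)
    outside = ipaddress.ip_network(outside)
    if inside.prefixlen != outside.prefixlen:
        raise ValueError("1:1 NAT needs equally sized inside/outside blocks")
    ip = ipaddress.ip_address(addr)
    if ip not in inside:
        raise ValueError(f"{ip} is not in {inside}")
    host_bits = int(ip) - int(inside.network_address)
    return ipaddress.ip_address(int(outside.network_address) + host_bits)

if __name__ == "__main__":
    loc2 = covering_prefix("192.168.25.2", "192.168.25.6")       # 192.168.25.0/29
    loc3 = covering_prefix("192.168.25.100", "192.168.25.109")   # 192.168.25.96/28
    print(loc2, loc3, selectors_disjoint([loc2, loc3]))
    print(binat("192.168.214.99", "192.168.214.0/24", "10.10.7.0/24"))  # 10.10.7.99
```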