Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    How to solve Local and Remote IP conflict?

    IPsec
    3
    3
    3748
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      muggidk last edited by

      I am trying to figure out how to solve a connection issue. I have to connect from our office to a customers office. Problem is that we are using the same ip address range on our subnets. They are both 192.168.5.0/24.

      The customer needs to connect to a server on our network 192.168.5.3. The setup is:

      CUSTOMER NET ->    CUSTOMER FW       -> Internet ->      OUR FW                 -> OUR SEVER
      192.168.5.0/24      inside 192.168.5.1/24                       inside 192.168.5.1/24       192.168.5.3
                                outside 88.88.88.01                         outside 88.88.88.02

      I have tried making a tunnel to a local subnet called 192.168.15.0/24 but the tunnel will not connect. Is it because of the bogus ip address, or is it someting else. I have tried adding the network 192.168.15.0/24 under Firewall -> Virtual IP, but that did not help. I think I would need a virtual ip for the lan interface like 192.168.15.1, right? How do I do that?

      Would it be possible to then create a NAT rule translating a connection to an IP on the 192.168.15.0/24 network to the server addres o our network 192.168.5.3? And how do i do that?!?

      1 Reply Last reply Reply Quote 0
      • Cry Havok
        Cry Havok last edited by

        You've got an interesting challenge there ;)

        The best solution is to change your network to something not in the 192.168.x.x range.  Maybe something in the 172.16-172.31 or 10. ranges.

        1 Reply Last reply Reply Quote 0
        • dotdash
          dotdash last edited by

          Another solution is to pitch in on the existing bounty. http://forum.pfsense.org/index.php/topic,10570.0.html

          1 Reply Last reply Reply Quote 0
          • First post
            Last post