NAT-Translation for Site2Site VPN
Hi,
we need to set up a site2site, but we have overlapping networks.
We use 172.16.0.0/16 for routing our own network between computing centres. The remote side which we need to connect uses 172.16.3.0/24, 172.16.4.0/24 and 172.16.170.0/24 as their networks.
Multiple networks from our side need to reach those networks, and one single server on our side also.
I'm currently trying to figure out how to set NAT networks in the P2-entries.
I thought about using 10.1.3.0/24 for their 172.16.3.0/24 network, while they will use 10.2.100.0/24 for example for one of our networks.
But when setting this for the P2 where on our side only one address is set as local, how do I need to set this up?
@itBJA
In the P2 you can only masquerade your network. However, for communication the remote site also has to masquerade their networks. Otherwise you would not be able to access anything there, or you would lose access to the local network. This could look like this:
At local network state 172.16.0.0/16.
At NAT/BINAT select network and enter e.g. 10.16.0.0/16
At remote enter their masquerading networks, e.g. 10.116.3.0/24 for 172.16.3.0/24. The remote site has to use 10.16.0.0/16 as "remote network" and NAT 172.16.3.0/24 to 10.116.3.0/24.
Then you have a 1:1 NAT. This means if 172.16.3.26 on your site connects to 172.16.3.26 on the remote site, you need to use 10.116.3.26 as destination.
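
The 1:1 mapping from the reply above, worked through as an added example that is not part of the original posts. It uses only the networks named in the thread; the function names are hypothetical, and it models the address arithmetic only, not the firewall's own rule generation.

```python
import ipaddress

# Networks taken from the reply above.
LOCAL_REAL, LOCAL_NAT = "172.16.0.0/16", "10.16.0.0/16"
REMOTE_REAL, REMOTE_NAT = "172.16.3.0/24", "10.116.3.0/24"


def overlaps(nets):
    """Return every pair of networks in the list that overlap."""
    parsed = [ipaddress.ip_network(n) for n in nets]
    return [(str(a), str(b))
            for i, a in enumerate(parsed)
            for b in parsed[i + 1:] if a.overlaps(b)]


def binat(addr, real_net, nat_net):
    """1:1 (BINAT) translation: keep the host bits, swap the prefix."""
    addr = ipaddress.ip_address(addr)
    real_net = ipaddress.ip_network(real_net)
    nat_net = ipaddress.ip_network(nat_net)
    if real_net.prefixlen != nat_net.prefixlen:
        raise ValueError("1:1 NAT needs equal prefix lengths on both sides")
    if addr not in real_net:
        raise ValueError(f"{addr} is not inside {real_net}")
    offset = int(addr) - int(real_net.network_address)
    return str(nat_net.network_address + offset)


def tunnel_view(local_host, remote_host):
    """Addresses seen inside the tunnel for a local -> remote connection.

    Returns (source as the remote site sees it,
             destination the local host has to dial).
    """
    return (binat(local_host, LOCAL_REAL, LOCAL_NAT),
            binat(remote_host, REMOTE_REAL, REMOTE_NAT))


if __name__ == "__main__":
    # Real networks collide, so they cannot be used as P2 selectors.
    print("real overlap:", overlaps([LOCAL_REAL, REMOTE_REAL]))
    # Translated networks are disjoint and usable as selectors.
    print("NAT overlap: ", overlaps([LOCAL_NAT, REMOTE_NAT]))
    # Same real address on both sides, as in the reply's example.
    print("tunnel view: ", tunnel_view("172.16.3.26", "172.16.3.26"))
```

Running the overlap check against every planned translated range before configuring the P2 entries catches a replacement network that collides with another range already routed on either side.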