Netgate Discussion Forum
    Phase 2 BINAT same subnet on remote and local point to point

    kapara

      Is the BINAT feature for phase two for a situation where the remote network and the local network for phase 2 in a VPN is the same?  Does it allow translating to an intermediary subnet so that the VPN can still be established?

      Skype ID:  Marinhd

      jimp (Rebel Alliance Developer, Netgate)

        Yes but if both sides have the same LAN then both sides must NAT.

        Imagine a scenario where Site A and Site B have 192.168.1.1 for the LAN.

        Site A will use a fake/NAT subnet of 10.0.1.0/24; Site B will use 10.0.2.0/24.

        Site A's P2 will have:
        Local: 192.168.1.0/24
        NAT/BINAT: 10.0.1.0/24
        Remote: 10.0.2.0/24

        Site B's P2 will have:
        Local: 192.168.1.0/24
        NAT/BINAT: 10.0.2.0/24
        Remote: 10.0.1.0/24

        And then to reach each other, they each use the appropriate 10.0.x.x addresses.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        kapara
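        jimp's two-site layout above, worked through as a small simulation. This is an added example, not pfSense code; the Phase2 model, the helper names and the host addresses (192.168.1.50 at Site A, 192.168.1.20 at Site B) are constructed for illustration. It applies each side's NAT/BINAT to one packet and its reply, and flags the no-BINAT case where local and remote subnets collide.

```python
import ipaddress
from dataclasses import dataclass
NET = ipaddress.ip_network

@dataclass(frozen=True)
class Phase2:  # one IPsec phase 2 as a pfSense site would configure it (constructed model)
    local: ipaddress.IPv4Network             # real LAN behind this site
    binat: "ipaddress.IPv4Network | None"    # NAT/BINAT network shown to the peer
    remote: ipaddress.IPv4Network            # peer's network as seen in the tunnel

def binat_translate(addr, src_net, dst_net):
    """1:1 network translation: keep the host bits, swap the network part."""
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("BINAT networks must be the same size")
    offset = int(addr) - int(src_net.network_address)
    return ipaddress.IPv4Address(int(dst_net.network_address) + offset)

def outbound(p2, src, dst):
    """Packet leaving the LAN into the tunnel: rewrite the local source."""
    if src not in p2.local or dst not in p2.remote:
        raise ValueError("packet does not match this phase 2")
    if p2.binat is not None:
        src = binat_translate(src, p2.local, p2.binat)
    return src, dst

def inbound(p2, src, dst):
    """Packet arriving from the tunnel: rewrite the BINAT destination back."""
    shown = p2.binat if p2.binat is not None else p2.local
    if src not in p2.remote or dst not in shown:
        raise ValueError("packet does not match this phase 2")
    if p2.binat is not None:
        dst = binat_translate(dst, p2.binat, p2.local)
    return src, dst

def check_p2(p2):
    """Problem text or None: what the peer sees must not overlap what we reach."""
    shown = p2.binat if p2.binat is not None else p2.local
    return f"{shown} overlaps remote {p2.remote}" if shown.overlaps(p2.remote) else None

def round_trip(site_a, site_b, src, dst):
    """One packet A -> B and its reply, through both gateways' translations."""
    s1, d1 = outbound(site_a, src, dst)   # leaves A with its BINAT'd source
    s2, d2 = inbound(site_b, s1, d1)      # B maps dst back to its real LAN host
    r1, r2 = inbound(site_a, *outbound(site_b, d2, s2))  # reply back through both
    return (s2, d2), (r1, r2)

# jimp's two sites: identical 192.168.1.0/24 LANs, BINAT'd to 10.0.1.0/24 and 10.0.2.0/24
SITE_A = Phase2(NET("192.168.1.0/24"), NET("10.0.1.0/24"), NET("10.0.2.0/24"))
SITE_B = Phase2(NET("192.168.1.0/24"), NET("10.0.2.0/24"), NET("10.0.1.0/24"))
BROKEN = Phase2(NET("192.168.1.0/24"), None, NET("192.168.1.0/24"))  # same tunnel, no BINAT
```

A host at Site A reaches Site B's 192.168.1.20 by sending to 10.0.2.20, and Site B sees the connection coming from 10.0.1.50, exactly the "appropriate 10.0.x.x addresses" jimp describes.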

          Thanks jimp.

          Skype ID:  Marinhd

          kapara

            So what about this situation:

            Site A:

            Using a (Interface with) subnet with 192.168.1.0/24 different network. (Not part of VPN tunnel)

            IPSEC P2 Local Subnet is 172.20.20.0/24

            Site B:

            LAN is 192.168.1.0/24

            P2 local is using this 192.168.1.0/24 subnet.

            What would be the proper way to use BINAT, or is it not needed?  Will the IPSEC tunnel know to direct traffic for the 172.20.20.0/24 going to 192.168.1.0/24 through the tunnel even though there is another interface using 192.168.1.0/24?

            Skype ID:  Marinhd

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.