a VPN Question

Guest
Archived from groups: comp.security.firewalls (More info?)

Is it possible to have a VPN connection between two internal networks with
the same local IP range?
e.g
 

Alec

Distinguished
May 31, 2004
51
0
18,630

"Hatzigiannakis Nikos" <nikos@ypai.gr> wrote in message
news:cap83i$aol$1@aiolos.aegean.gr...
> Is it possible to have a VPN connection between two internal networks with
> the same local IP range?
> e.g
>

Yes. It is possible. You must translate addresses at each VPN endpoint, that
is before the AH/ESP processing. Some of the more full-featured VPN gear is
capable of this. I know, for instance, that NetScreen firewall/VPN devices
can utilize Mapped IP (MIPs) prior to routing the packets through the VPN
tunnel to accomplish this (see
http://services.netscreen.com/docs/vpn/vpn_overlap.pdf).

Alec
 
Guest

"Hatzigiannakis Nikos" <nikos@ypai.gr> wrote in message
news:cap83i$aol$1@aiolos.aegean.gr...
> Is it possible to have a VPN connection between two internal networks with
> the same local IP range?
> e.g
>

If two networks are using Network Address Translation (NAT) and the
private IP addresses in use are within the same subnet on either side,
then no. Neither network will be able to establish a VPN to the other.

--
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your
Security on the Internet".
 

Alec


"Don Kelloway" <dkelloway@commodon.com> wrote in message
news:Rz9Ac.14395$Y3.9435@newsread2.news.atl.earthlink.net...
> "Hatzigiannakis Nikos" <nikos@ypai.gr> wrote in message
> news:cap83i$aol$1@aiolos.aegean.gr...
> > Is it possible to have a VPN connection between two internal networks with
> > the same local IP range?
> > e.g
> >
>
> If two networks are using Network Address Translation (NAT) and the
> private IP addresses in use are within the same subnet on either side,
> then no. Neither network will be able to establish a VPN to the other.
>

Umm, yes, they can. That is the exact situation the link I provided in my
response above covers. That is, they show precisely how two private subnets
both utilizing the 192.168.1.x/24 subnet can communicate together. The
answer is, in fact, NAT (to be precise, Mapped IPs or MIPs, which are a
one-to-one mapping of translated addressing). Basically, on your side of the
tunnel you map the other side's network to a different subnet. It involves
some contortions, but is doable.

Alec
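
The one-to-one mapping described in this thread, as an added Python sketch that is not part of the original posts and is not NetScreen configuration. The translated ranges 10.0.1.0/24 and 10.0.2.0/24, the host addresses and the function names are assumptions chosen for illustration.

```python
import ipaddress

REAL = "192.168.1.0/24"        # range used at both sites (from the thread)
SITE_A_MAPPED = "10.0.1.0/24"  # assumption: how site B addresses site A
SITE_B_MAPPED = "10.0.2.0/24"  # assumption: how site A addresses site B


def netmap(addr, from_net, to_net):
    """One-to-one translation: swap the network prefix, keep the host bits."""
    src = ipaddress.ip_network(from_net)
    dst = ipaddress.ip_network(to_net)
    ip = ipaddress.ip_address(addr)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("one-to-one mapping needs equal prefix lengths")
    if ip not in src:
        raise ValueError(f"{ip} is outside {src}")
    return str(dst.network_address + (int(ip) - int(src.network_address)))


def plan_is_unambiguous(*nets):
    """True only if no range overlaps another; an overlap makes routing ambiguous."""
    parsed = [ipaddress.ip_network(n) for n in nets]
    return not any(a.overlaps(b) for i, a in enumerate(parsed) for b in parsed[i + 1:])


def trace_a_to_b(src_host, dst_seen_from_a):
    """Return (stage, source, destination) for a packet sent from site A to site B."""
    stages = [("on LAN A", src_host, dst_seen_from_a)]
    # Endpoint A, before ESP processing: present the sender from A's mapped range.
    src = netmap(src_host, REAL, SITE_A_MAPPED)
    stages.append(("inside tunnel", src, dst_seen_from_a))
    # Endpoint B, after decryption: map the destination back to B's real range.
    dst = netmap(dst_seen_from_a, SITE_B_MAPPED, REAL)
    stages.append(("on LAN B", src, dst))
    return stages


if __name__ == "__main__":
    assert plan_is_unambiguous(REAL, SITE_A_MAPPED, SITE_B_MAPPED)
    for stage, src, dst in trace_a_to_b("192.168.1.10", "10.0.2.20"):
        print(f"{stage:14} {src:>14} -> {dst}")
```

Inside the tunnel neither address belongs to 192.168.1.0/24, so each endpoint can route and match policy on the translated ranges without ambiguity.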
 
Guest

"Alec" <alec@nospam.com> wrote in message
news:FL9Ac.1255$zj1.730@newssvr23.news.prodigy.com...
>
> "Don Kelloway" <dkelloway@commodon.com> wrote in message
> news:Rz9Ac.14395$Y3.9435@newsread2.news.atl.earthlink.net...
> > "Hatzigiannakis Nikos" <nikos@ypai.gr> wrote in message
> > news:cap83i$aol$1@aiolos.aegean.gr...
> > > Is it possible to have a VPN connection between two internal networks with
> > > the same local IP range?
> > > e.g
> > >
> >
> > If two networks are using Network Address Translation (NAT) and the
> > private IP addresses in use are within the same subnet on either side,
> > then no. Neither network will be able to establish a VPN to the other.
> >
>
> Umm, yes, they can. That is the exact situation the link I provided in my
> response above covers. That is, they show precisely how two private subnets
> both utilizing the 192.168.1.x/24 subnet can communicate together. The
> answer is, in fact, NAT (to be precise, Mapped IPs or MIPs, which are a
> one-to-one mapping of translated addressing). Basically, on your side of the
> tunnel you map the other side's network to a different subnet. It involves
> some contortions, but is doable.
>
> Alec
>

Sorry. I did not see your post, but I will find it interesting to read
it when it appears. To date I've never known anyone to be able to
accomplish this task, nor have I found any information indicating
the contrary.

--
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your
Security on the Internet".
 
Guest

"Alec" <alec@nospam.com> wrote in message
news:FL9Ac.1255$zj1.730@newssvr23.news.prodigy.com...
>
> "Don Kelloway" <dkelloway@commodon.com> wrote in message
> news:Rz9Ac.14395$Y3.9435@newsread2.news.atl.earthlink.net...
> > "Hatzigiannakis Nikos" <nikos@ypai.gr> wrote in message
> > news:cap83i$aol$1@aiolos.aegean.gr...
> > > Is it possible to have a VPN connection between two internal networks with
> > > the same local IP range?
> > > e.g
> > >
> >
> > If two networks are using Network Address Translation (NAT) and the
> > private IP addresses in use are within the same subnet on either side,
> > then no. Neither network will be able to establish a VPN to the other.
> >
>
> Umm, yes, they can. That is the exact situation the link I provided in my
> response above covers. That is, they show precisely how two private subnets
> both utilizing the 192.168.1.x/24 subnet can communicate together. The
> answer is, in fact, NAT (to be precise, Mapped IPs or MIPs, which are a
> one-to-one mapping of translated addressing). Basically, on your side of the
> tunnel you map the other side's network to a different subnet. It involves
> some contortions, but is doable.
>
> Alec
>

That's odd... I just refreshed the NG and 'lo and behold there's your
post. Time to do some reading to see how this is being accomplished.
Thanks for the info.


--
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your
Security on the Internet".
 
Guest

"Don Kelloway" <dkelloway@commodon.com> wrote in message
news:ES9Ac.14406$Y3.1679@newsread2.news.atl.earthlink.net...
> "Alec" <alec@nospam.com> wrote in message
> news:FL9Ac.1255$zj1.730@newssvr23.news.prodigy.com...
> >
> > "Don Kelloway" <dkelloway@commodon.com> wrote in message
> > news:Rz9Ac.14395$Y3.9435@newsread2.news.atl.earthlink.net...
> > > "Hatzigiannakis Nikos" <nikos@ypai.gr> wrote in message
> > > news:cap83i$aol$1@aiolos.aegean.gr...
> > > > Is it possible to have a VPN connection between two internal networks with
> > > > the same local IP range?
> > > > e.g
> > > >
> > >
> > > If two networks are using Network Address Translation (NAT) and the
> > > private IP addresses in use are within the same subnet on either side,
> > > then no. Neither network will be able to establish a VPN to the other.
> > >
> >
> > Umm, yes, they can. That is the exact situation the link I provided in my
> > response above covers. That is, they show precisely how two private subnets
> > both utilizing the 192.168.1.x/24 subnet can communicate together. The
> > answer is, in fact, NAT (to be precise, Mapped IPs or MIPs, which are a
> > one-to-one mapping of translated addressing). Basically, on your side of the
> > tunnel you map the other side's network to a different subnet. It involves
> > some contortions, but is doable.
> >
> > Alec
> >
>
> That's odd... I just refreshed the NG and 'lo and behold there's your
> post. Time to do some reading to see how this is being accomplished.
> Thanks for the info.
>
>

Though there are some specifics to making this work, that was
interesting to read.

--
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your
Security on the Internet".
 

Alec


"Don Kelloway" <dkelloway@commodon.com> wrote in message
news:S8aAc.14415$Y3.8822@newsread2.news.atl.earthlink.net...
> "Don Kelloway" <dkelloway@commodon.com> wrote in message
> news:ES9Ac.14406$Y3.1679@newsread2.news.atl.earthlink.net...
> > "Alec" <alec@nospam.com> wrote in message
> > news:FL9Ac.1255$zj1.730@newssvr23.news.prodigy.com...
> > >
> > > "Don Kelloway" <dkelloway@commodon.com> wrote in message
> > > news:Rz9Ac.14395$Y3.9435@newsread2.news.atl.earthlink.net...
> > > > "Hatzigiannakis Nikos" <nikos@ypai.gr> wrote in message
> > > > news:cap83i$aol$1@aiolos.aegean.gr...
> > > > > Is it possible to have a VPN connection between two internal networks with
> > > > > the same local IP range?
> > > > > e.g
> > > > >
> > > >
> > > > If two networks are using Network Address Translation (NAT) and the
> > > > private IP addresses in use are within the same subnet on either side,
> > > > then no. Neither network will be able to establish a VPN to the other.
> > > >
> > >
> > > Umm, yes, they can. That is the exact situation the link I provided in my
> > > response above covers. That is, they show precisely how two private subnets
> > > both utilizing the 192.168.1.x/24 subnet can communicate together. The
> > > answer is, in fact, NAT (to be precise, Mapped IPs or MIPs, which are a
> > > one-to-one mapping of translated addressing). Basically, on your side of the
> > > tunnel you map the other side's network to a different subnet. It involves
> > > some contortions, but is doable.
> > >
> > > Alec
> > >
> >
> > That's odd... I just refreshed the NG and 'lo and behold there's your
> > post. Time to do some reading to see how this is being accomplished.
> > Thanks for the info.
> >
> >
>
> Though there are some specifics to making this work, that was
> interesting to read.
>
> --
> Best regards, from Don Kelloway of Commodon Communications
> Visit http://www.commodon.com to learn about the "Threats to Your
> Security on the Internet".
>

I hope it is useful sometime. Hey, btw, sorry about earlier. I re-read my
post later and thought it came off a bit rude. I didn't mean it to be. It's
just I thought that you had seen my prior link.

Alec
 
Guest

"Alec" <alec@nospam.com> wrote in message
news:iBmAc.6877$QJ1.2451@newssvr22.news.prodigy.com...
>
> I hope it is useful sometime. Hey, btw, sorry about earlier. I re-read my
> post later and thought it came off a bit rude. I didn't mean it to be. It's
> just I thought that you had seen my prior link.
>
> Alec
>

Not a problem.

I've been seeing latency issues where I have to keep refreshing the NG
and as a result, some posts magically appear.

best regards
Don Kelloway