VPN - multiple destination networks with 192.168.1.0/24

Archived from groups: comp.dcom.vpn (More info?)

I need to create VPNs with several trading partners. I've encountered
a limitation of my SonicWALL Pro 200 in that only one destination
network can have a given network/subnet. For example, if both Trading
Patner A and Trading Partner B use 192.168.1.0/24 on their LAN
interace, then I will only be able to create the VPN to one of them.
I understand the basic issue--how would my firewall know which trading
partner LAN to send the traffic to. However, I can't very well ask my
trading partners to renumber their internal networks. SonicWALL's new
software called SonicOS can handle the situation of overlapping
subnets, but it isn't available for my model.

Does this situation exist for other firewall brands? Is there a
workaround? Are there other firewall appliances such as PIX geared to
small/mid-sized enviroments that don't have this limitation?

Thanks for your advice.
2 answers Last reply
More about multiple destination networks
  1. Archived from groups: comp.dcom.vpn (More info?)

    dac56@hotmail.com (Coop) wrote in
    news:508609fe.0406092121.7f60e527@posting.google.com:

    > I need to create VPNs with several trading partners. I've encountered
    > a limitation of my SonicWALL Pro 200 in that only one destination
    > network can have a given network/subnet. For example, if both Trading
    > Patner A and Trading Partner B use 192.168.1.0/24 on their LAN
    > interace, then I will only be able to create the VPN to one of them.
    > I understand the basic issue--how would my firewall know which trading
    > partner LAN to send the traffic to. However, I can't very well ask my
    > trading partners to renumber their internal networks. SonicWALL's new
    > software called SonicOS can handle the situation of overlapping
    > subnets, but it isn't available for my model.
    >
    > Does this situation exist for other firewall brands? Is there a
    > workaround? Are there other firewall appliances such as PIX geared to
    > small/mid-sized enviroments that don't have this limitation?
    >
    > Thanks for your advice.
    >

    I think the Contivity VPN switches don't have that problem, but I'm not
    sure that's the kind of solution you're looking for.
    Viking.
  2. Archived from groups: comp.dcom.vpn (More info?)

    The Nortel Networks Contivity VPN device will handle this perfectly.
    This device will do NAT thru the VPN tunnels. You can do a different
    NAT (either static, port or pooled) thru each tunnel, and therefore
    the end user needs not change their network. So say site 1 and site2
    are 192.168.0.0/24. You can say any traffic comming from site 1,
    convert on a one to one basis to 10.0.0.0/24. So the effect would be
    traffic commming from 192.168.0.12 would be seen as 10.0.0.12. This
    would be done in conjunction with a Contivity at the far end.


    192.168.0.0---Contivity1-----Branch
    OfficeTunnel----Contivity2----100.0.0.0
    packet----->----->NAT to 10.0.0.0--->--->--->--->-----sees 10 net

    Hope this helps

    Rossi


    Viking <belgianvikings@hotmail.com> wrote in message news:<Xns9504D21C9E7A7belgianvikings@195.130.132.70>...
    > dac56@hotmail.com (Coop) wrote in
    > news:508609fe.0406092121.7f60e527@posting.google.com:
    >
    > > I need to create VPNs with several trading partners. I've encountered
    > > a limitation of my SonicWALL Pro 200 in that only one destination
    > > network can have a given network/subnet. For example, if both Trading
    > > Patner A and Trading Partner B use 192.168.1.0/24 on their LAN
    > > interace, then I will only be able to create the VPN to one of them.
    > > I understand the basic issue--how would my firewall know which trading
    > > partner LAN to send the traffic to. However, I can't very well ask my
    > > trading partners to renumber their internal networks. SonicWALL's new
    > > software called SonicOS can handle the situation of overlapping
    > > subnets, but it isn't available for my model.
    > >
    > > Does this situation exist for other firewall brands? Is there a
    > > workaround? Are there other firewall appliances such as PIX geared to
    > > small/mid-sized enviroments that don't have this limitation?
    > >
    > > Thanks for your advice.
    > >
    >
    > I think the Contivity VPN switches don't have that problem, but I'm not
    > sure that's the kind of solution you're looking for.
    > Viking.
Ask a new question

Read More

VPN Firewalls Networking