VPN - multiple destination networks with 192.168.1.0/24

June 10, 2004 2:21:58 AM

Archived from groups: comp.dcom.vpn (More info?)

I need to create VPNs with several trading partners. I've encountered
a limitation of my SonicWALL Pro 200 in that only one destination
network can have a given network/subnet. For example, if both Trading
Partner A and Trading Partner B use 192.168.1.0/24 on their LAN
interface, then I will only be able to create the VPN to one of them.
I understand the basic issue--how would my firewall know which trading
partner LAN to send the traffic to. However, I can't very well ask my
trading partners to renumber their internal networks. SonicWALL's new
software called SonicOS can handle the situation of overlapping
subnets, but it isn't available for my model.

Does this situation exist for other firewall brands? Is there a
workaround? Are there other firewall appliances such as PIX geared to
small/mid-sized environments that don't have this limitation?

Thanks for your advice.
Anonymous
June 10, 2004 10:35:56 PM


dac56@hotmail.com (Coop) wrote in
news:508609fe.0406092121.7f60e527@posting.google.com:

> I need to create VPNs with several trading partners. I've encountered
> a limitation of my SonicWALL Pro 200 in that only one destination
> network can have a given network/subnet. For example, if both Trading
> Partner A and Trading Partner B use 192.168.1.0/24 on their LAN
> interface, then I will only be able to create the VPN to one of them.
> I understand the basic issue--how would my firewall know which trading
> partner LAN to send the traffic to. However, I can't very well ask my
> trading partners to renumber their internal networks. SonicWALL's new
> software called SonicOS can handle the situation of overlapping
> subnets, but it isn't available for my model.
>
> Does this situation exist for other firewall brands? Is there a
> workaround? Are there other firewall appliances such as PIX geared to
> small/mid-sized environments that don't have this limitation?
>
> Thanks for your advice.
>

I think the Contivity VPN switches don't have that problem, but I'm not
sure that's the kind of solution you're looking for.
Viking.
Anonymous
June 17, 2004 8:14:28 AM


The Nortel Networks Contivity VPN device will handle this perfectly.
This device will do NAT thru the VPN tunnels. You can do a different
NAT (either static, port or pooled) thru each tunnel, and therefore
the end user need not change their network. So say site 1 and site 2
are 192.168.0.0/24. You can say any traffic coming from site 1,
convert on a one to one basis to 10.0.0.0/24. So the effect would be
traffic coming from 192.168.0.12 would be seen as 10.0.0.12. This
would be done in conjunction with a Contivity at the far end.


192.168.0.0---Contivity1-----Branch Office Tunnel----Contivity2----100.0.0.0
packet----->----->NAT to 10.0.0.0--->--->--->--->-----sees 10 net

Hope this helps

Rossi






Viking <belgianvikings@hotmail.com> wrote in message news:<Xns9504D21C9E7A7belgianvikings@195.130.132.70>...
> dac56@hotmail.com (Coop) wrote in
> news:508609fe.0406092121.7f60e527@posting.google.com:
>
> > I need to create VPNs with several trading partners. I've encountered
> > a limitation of my SonicWALL Pro 200 in that only one destination
> > network can have a given network/subnet. For example, if both Trading
> > Partner A and Trading Partner B use 192.168.1.0/24 on their LAN
> > interface, then I will only be able to create the VPN to one of them.
> > I understand the basic issue--how would my firewall know which trading
> > partner LAN to send the traffic to. However, I can't very well ask my
> > trading partners to renumber their internal networks. SonicWALL's new
> > software called SonicOS can handle the situation of overlapping
> > subnets, but it isn't available for my model.
> >
> > Does this situation exist for other firewall brands? Is there a
> > workaround? Are there other firewall appliances such as PIX geared to
> > small/mid-sized environments that don't have this limitation?
> >
> > Thanks for your advice.
> >
>
> I think the Contivity VPN switches don't have that problem, but I'm not
> sure that's the kind of solution you're looking for.
> Viking.
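
The per-tunnel one-to-one NAT described in the reply above, worked through as an added example (not code from the thread or from any vendor's product). The site names, the 10.0.0.0/16 translation pool and all function names are assumptions made for illustration; the sketch finds overlapping partner LANs, gives each tunnel its own translated range, and shows that the translated destination alone identifies the tunnel.

```python
import ipaddress

# Constructed sample data: both sites use the same LAN, as in the post.
PARTNERS = {
    "site1": ipaddress.ip_network("192.168.0.0/24"),
    "site2": ipaddress.ip_network("192.168.0.0/24"),
}
POOL = ipaddress.ip_network("10.0.0.0/16")  # assumed translation pool

def find_overlaps(partners):
    """Return pairs of partner names whose real LAN prefixes overlap."""
    names = sorted(partners)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if partners[a].overlaps(partners[b])]

def assign_translated(partners, pool, reserved=()):
    """Give each partner a unique same-size prefix from pool (its NAT range)."""
    used, plan = list(reserved), {}
    for name in sorted(partners):
        size = partners[name].prefixlen
        free = (c for c in pool.subnets(new_prefix=size)
                if not any(c.overlaps(u) for u in used))
        plan[name] = next(free, None)
        if plan[name] is None:
            raise ValueError(f"pool {pool} exhausted at {name}")
        used.append(plan[name])
    return plan

def to_translated(addr, real, translated):
    """One-to-one NAT: keep the host offset, swap the network prefix."""
    addr = ipaddress.ip_address(addr)
    if addr not in real:
        raise ValueError(f"{addr} is not inside {real}")
    return translated.network_address + (int(addr) - int(real.network_address))

def tunnel_for(addr, plan):
    """Pick the tunnel by translated destination; None if no tunnel owns it."""
    addr = ipaddress.ip_address(addr)
    return next((n for n, net in plan.items() if addr in net), None)

if __name__ == "__main__":
    plan = assign_translated(PARTNERS, POOL)
    print(find_overlaps(PARTNERS), plan)
    print(to_translated("192.168.0.12", PARTNERS["site1"], plan["site1"]))
    print(tunnel_for("10.0.1.12", plan))
```

Pass the local LAN (and any other prefixes already routed) as `reserved` so a translated range never collides with a network the firewall already knows.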