site to site vpn #2


Hello all,
We are currently terminating vpn connections from client sites in our dmz
area and then letting their traffic pass through our firewall. The circuits
and routers that the vpns terminate on are owned by the clients and are
located at our facility. We are currently using the 10.0.0.0 address space
and so are some of our clients. I can foresee a time when we might have a
problem with this if a client has a host at 10.0.0.1 and if we have a host
at 10.0.0.1 and we try to connect to the client's host our router will think
the host is on the local subnet and not route the packet to the client host.
This problem could also arise if two of our clients are using the same IP
address the router won't know where to forward the packet and could cause a
loop. Is there any other way around this than getting some public address
space and doing statics and conduits through a pix?
Any ideas or suggestions ?!?
Thanks in advance


0
Reply Bruce 7/11/2003 3:10:03 PM

Look into "dual NAT," where you assign aliases at each end of the tunnel for
specific address ranges.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00800ec9e6.html#1025970

Michael


"Bruce Fournier" <bfournier@no-spam.com> wrote in message
news:vgtkoosp7nhbee@corp.supernews.com...
> Hello all,
> We are currently terminating vpn connections from client sites in our dmz
> area and then letting their traffic pass through our firewall. The circuits
> and routers that the vpns terminate on are owned by the clients and are
> located at our facility. We are currently using the 10.0.0.0 address space
> and so are some of our clients. I can foresee a time when we might have a
> problem with this if a client has a host at 10.0.0.1 and if we have a host
> at 10.0.0.1 and we try to connect to the client's host our router will think
> the host is on the local subnet and not route the packet to the client host.
> This problem could also arise if two of our clients are using the same IP
> address the router won't know where to forward the packet and could cause a
> loop. Is there any other way around this than getting some public address
> space and doing statics and conduits through a pix?
> Any ideas or suggestions ?!?
> Thanks in advance
>
>


0
Reply Michael 7/11/2003 7:48:22 PM
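The address-planning step behind the "dual NAT" suggestion above, as an added example that is not part of the original thread: it flags client ranges that collide with the local LAN or with each other, gives each colliding client a unique alias range, and translates hosts 1:1. All networks, client names and the alias pool are constructed values; the same mapping would be applied in the other direction to alias the local LAN toward a client.

```python
import ipaddress

# Constructed sample data (assumptions, not from the thread).
LOCAL_NET = ipaddress.ip_network("10.0.0.0/24")
CLIENT_NETS = {
    "client_a": ipaddress.ip_network("10.0.0.0/24"),
    "client_b": ipaddress.ip_network("10.0.0.0/24"),
    "client_c": ipaddress.ip_network("192.168.50.0/24"),
}
# Hypothetical pool from which alias ranges are carved.
ALIAS_POOL = ipaddress.ip_network("172.31.0.0/16")


def find_conflicts(local_net, client_nets):
    """Return sorted names of clients overlapping our LAN or another client."""
    conflicts = set()
    names = sorted(client_nets)
    for i, name in enumerate(names):
        if client_nets[name].overlaps(local_net):
            conflicts.add(name)
        for other in names[i + 1:]:
            if client_nets[name].overlaps(client_nets[other]):
                conflicts.update((name, other))
    return sorted(conflicts)


def assign_aliases(local_net, client_nets, pool):
    """Give every conflicting client an unused alias network of equal size."""
    aliases = {}
    used = [local_net] + list(client_nets.values())
    for name in find_conflicts(local_net, client_nets):
        real = client_nets[name]
        for cand in pool.subnets(new_prefix=real.prefixlen):
            if not any(cand.overlaps(u) for u in used):
                aliases[name] = cand
                used.append(cand)
                break
        else:
            raise ValueError(f"alias pool exhausted for {name}")
    return aliases


def translate(ip, from_net, to_net):
    """1:1 NAT: keep the host offset, swap the network part."""
    addr = ipaddress.ip_address(ip)
    if addr not in from_net:
        raise ValueError(f"{addr} is not in {from_net}")
    return to_net[int(addr) - int(from_net.network_address)]
```

With these aliases, each client's 10.0.0.1 is reached through a distinct address, so the local router no longer treats it as a host on its own subnet.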


On Fri, 11 Jul 2003 19:48:22 +0000, Michael T. Hall wrote:

> Look into "dual NAT," where you assign aliases at each end of the tunnel
> for specific address ranges.
> 
> http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00800ec9e6.html#1025970
> 
> Michael
> 
> 
> "Bruce Fournier" <bfournier@no-spam.com> wrote in message
> news:vgtkoosp7nhbee@corp.supernews.com...
>> Hello all,
>> We are currently terminating vpn connections from client sites in our
>> dmz area and then letting their traffic pass through our firewall. The
>> circuits and routers that the vpns terminate on are owned by the clients
>> and are located at our facility. We are currently using the 10.0.0.0
>> address space and so are some of our clients. I can foresee a time when
>> we might have a problem with this if a client has a host at 10.0.0.1 and
>> if we have a host at 10.0.0.1 and we try to connect to the client's host
>> our router will think the host is on the local subnet and not route the
>> packet to the client host.
>> This problem could also arise if two of our clients are using the same
>> IP address the router won't know where to forward the packet and could
>> cause a loop. Is there any other way around this than getting some public
>> address space and doing statics and conduits through a pix? Any ideas or
>> suggestions ?!?
>> Thanks in advance
>>
>>
>>

CIPE can do this fine.

-a
0
Reply dev 7/13/2003 2:25:26 PM

Thank you for your reply, that is one that I hadn't thought of.

"Michael T. Hall" <michaelthall@comcast.net> wrote in message
news:awEPa.36913$N7.3778@sccrnsc03...
> Look into "dual NAT," where you assign aliases at each end of the tunnel for
> specific address ranges.
>
> http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00800ec9e6.html#1025970
>
> Michael
>
>
> "Bruce Fournier" <bfournier@no-spam.com> wrote in message
> news:vgtkoosp7nhbee@corp.supernews.com...
> > Hello all,
> > We are currently terminating vpn connections from client sites in our dmz
> > area and then letting their traffic pass through our firewall. The circuits
> > and routers that the vpns terminate on are owned by the clients and are
> > located at our facility. We are currently using the 10.0.0.0 address space
> > and so are some of our clients. I can foresee a time when we might have a
> > problem with this if a client has a host at 10.0.0.1 and if we have a host
> > at 10.0.0.1 and we try to connect to the client's host our router will think
> > the host is on the local subnet and not route the packet to the client host.
> > This problem could also arise if two of our clients are using the same IP
> > address the router won't know where to forward the packet and could cause a
> > loop. Is there any other way around this than getting some public address
> > space and doing statics and conduits through a pix?
> > Any ideas or suggestions ?!?
> > Thanks in advance
> >
> >
>
>


0
Reply Bruce 7/14/2003 4:24:48 PM
