Re: problems with VPN and NAT, help
From: Ed Horley (ehorley@yahoo.com) Date: 06/29/02
From: "Ed Horley" <ehorley@yahoo.com> Date: Sat, 29 Jun 2002 07:06:09 GMT
Since you are doing GRE and IPsec I am assuming that you are using Cisco
Routers to do the IPsec work. I would recommend that on the second customer
router you do a route-map and NAT your address block prior to it passing
thru the crypto engine interface (the interface you have the crypto map
applied to - most likely tunnel 0 and serial 0). This will allow you to
effectively re-address them without any issues. Your only problem is that
you will have to set them up as a static route. This may be a problem since
most people do GRE/IPsec so they can pass routing protocols over the IPsec
tunnel (since IPsec is unicast). If that is the case, you aren't gaining a lot
by running the GRE portion of the configuration with the second customer and
you might as well do them as a standard IPsec tunnel with static routing.
Another option is to do re-numbering on one or the other sites. If you are
passing routing between the sites, make sure you use filters since you most
likely don't control the customer's routers and they could suddenly inject
default routes to you, then life will not be fun...
-Ed
"nicolas" <nfe@devillard.ch> wrote in message
news:71014a07.0206280032.19044d5@posting.google.com...
> hello,
> I'm now in a company doing my thesis on VPN.
> I have to implement VPN between them and some customers.
>
> I have already implemented a site-2-site VPN using GRE and IPsec (for
> authentication and security feature) for one of their customers, but
> when I want to do the second customer I have a problem.
>
> Because each of their customers has the same IP plan with NAT
> (172.20.0.0)
>
> So with the first customer (using tunnel0 for the VPN), the route from
> our router is: ip route 172.20.0.0 255.255.0.0 tunnel 0
>
> when I want to do the second customer (using tunnel1), the route will
> be
> ip route 172.20.0.0 255.255.0.0 tunnel 1
>
> This is not possible because I'll have two times 172.20.0.0 in the
> routing table
>
> To be able to do this I was thinking of doing a double NAT (is it
> possible? How to do it?)
> Is there some other possibility better than a double NAT?
>
> Thanks in advance
>
> Nicolas
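
The addressing problem in this thread, worked through as an added example that is not part of either post: it detects the duplicate 172.20.0.0/16 routes, applies a static one-to-one re-addressing of the second customer's block, and prints hub routes in the form quoted above. The translated block 172.21.0.0/16 and all function names are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample plan. 172.20.0.0/16 is from the post; the translated
# block for the second customer (172.21.0.0/16) is an assumption.
CUSTOMERS = {
    "tunnel 0": {"real": "172.20.0.0/16", "translated": "172.20.0.0/16"},
    "tunnel 1": {"real": "172.20.0.0/16", "translated": "172.21.0.0/16"},
}

def find_overlaps(prefixes):
    """Return (name, name) pairs whose prefixes overlap in one routing table."""
    items = [(n, ipaddress.ip_network(p)) for n, p in prefixes.items()]
    return [(a, b) for i, (a, na) in enumerate(items)
            for b, nb in items[i + 1:] if na.overlaps(nb)]

def translate(addr, real, translated):
    """Static 1:1 NAT: keep the host bits, swap the network prefix."""
    real = ipaddress.ip_network(real)
    translated = ipaddress.ip_network(translated)
    if real.prefixlen != translated.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    ip = ipaddress.ip_address(addr)
    if ip not in real:
        raise ValueError(f"{ip} is outside {real}")
    offset = int(ip) - int(real.network_address)
    return str(translated.network_address + offset)

def hub_routes(customers, key):
    """Static routes for the hub router, in the form used in the post."""
    routes = []
    for tunnel, nets in customers.items():
        net = ipaddress.ip_network(nets[key])
        routes.append(f"ip route {net.network_address} {net.netmask} {tunnel}")
    return routes

if __name__ == "__main__":
    before = {t: c["real"] for t, c in CUSTOMERS.items()}
    after = {t: c["translated"] for t, c in CUSTOMERS.items()}
    print("overlaps before NAT:", find_overlaps(before))
    print("overlaps after NAT: ", find_overlaps(after))
    c2 = CUSTOMERS["tunnel 1"]
    print("172.20.5.9 ->", translate("172.20.5.9", c2["real"], c2["translated"]))
    print("\n".join(hub_routes(CUSTOMERS, "translated")))
```
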