Re: [FW1] Any have a "how-to" on VPN between networks using the same address space?????
Another alternative is to create a 'mask network object' and do dynamic nat. -- not hide, not simple static, but static with network objects used instead.

That is,
(realnet1=10.1.1.0/24, net1nat=10.10.1.0/24
 realnet2=10.1.2.0/24, net2nat=10.10.2.0/24)

<on firewall at net1 side>

src        dst        svc   xlsrc      xldst
realnet1   net2nat    any   net1nat    original
net2nat    net1nat    any   orig       realnet1

and similarly on box 2.

This will do a 1 to 1 nat mapping per connection so that 10.1.1.1 will look like 10.10.1.1 and 10.1.1.5 will look like 10.1.1.5, etc.

Works fine.....

Cheers,
CryptoTech

Mark Pelkoski wrote:

> Hey everybody:
> We have another company who wants to set up a LAN-to-LAN VPN between our
> two FW-1 Firewalls, but we are both using the same Non-routable subnetted
> address space. Anybody done this before? I have an idea on how to do it,
> but I'm looking for some experience out there so I can learn of the
> potential pitfalls. With the world using more hide NATing, I guess this
> scenario is inevitable until IPv6 comes along.
>
> Thanks in advance.
>
> Mark Pelkoski, MCP, CCSE
> Network Security Engineer
> micronpc.com
> Phone:
> Page:
> [email protected]
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
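The rule table in the reply above can be checked by modelling it, as an added example that is not part of the original post and is not FireWall-1 code. The network objects and the net1-side rules are taken from the post; the box 2 rules are an assumption built by symmetry from "and similarly on box 2", and the names `NatRule`, `map_host`, `translate` and `round_trip` are hypothetical.

```python
import ipaddress
from typing import NamedTuple, Optional

class NatRule(NamedTuple):
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    xlsrc: Optional[ipaddress.IPv4Network]  # None means "original"
    xldst: Optional[ipaddress.IPv4Network]

# Network objects, named and addressed as in the post.
REALNET1, NET1NAT = ipaddress.ip_network("10.1.1.0/24"), ipaddress.ip_network("10.10.1.0/24")
REALNET2, NET2NAT = ipaddress.ip_network("10.1.2.0/24"), ipaddress.ip_network("10.10.2.0/24")

# Address translation rules on the firewall at the net1 side (from the post).
FW1_RULES = [NatRule(REALNET1, NET2NAT, NET1NAT, None),
             NatRule(NET2NAT, NET1NAT, None, REALNET1)]
# Assumption: the "similarly on box 2" rules, built here by symmetry.
FW2_RULES = [NatRule(REALNET2, NET1NAT, NET2NAT, None),
             NatRule(NET1NAT, NET2NAT, None, REALNET2)]

def map_host(addr, old, new):
    """Static network NAT: replace the network prefix, keep the host bits."""
    if old.prefixlen != new.prefixlen:
        raise ValueError("1-to-1 mapping needs networks of equal size")
    return ipaddress.ip_address(int(new.network_address) + int(addr) - int(old.network_address))

def translate(rules, src, dst):
    """Apply the first matching rule; return (src, dst) as forwarded."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if src in rule.src and dst in rule.dst:
            if rule.xlsrc is not None:
                src = map_host(src, rule.src, rule.xlsrc)
            if rule.xldst is not None:
                dst = map_host(dst, rule.dst, rule.xldst)
            break
    return str(src), str(dst)

def round_trip(src, dst):
    """Follow a request from net1 to net2 and its reply through both boxes."""
    on_wire = translate(FW1_RULES, src, dst)        # after the net1 firewall
    delivered = translate(FW2_RULES, *on_wire)      # as seen inside net2
    reply_wire = translate(FW2_RULES, delivered[1], delivered[0])
    reply_delivered = translate(FW1_RULES, *reply_wire)
    return on_wire, delivered, reply_wire, reply_delivered

if __name__ == "__main__":
    for step in round_trip("10.1.1.1", "10.10.2.7"):  # constructed sample hosts
        print(step)
```

Each side only ever addresses the other by its NAT network, so neither firewall has to route the peer's real range.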