Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Tunnel Interface (Route-Based) VPN with overlapping subnets

I'm looking for a KB article on Tunnel Interface (Route-Based) VPN with overlapping subnet(s). I can find it for Site-to-Site IPSEC but not for Tunnel Interface.


Secondly for Tunnel Interface VPN with multiple remote sites subnets overlapping.

Category: Entry Level Firewalls
Reply

Answers

  • prestonpreston All-Knowing Sage ✭✭✭✭

    @MichaelB , for the Tunnel Interface you have more control as you can use ranges in the routes, it would be best to check with the other sites which part of the subnets they actually use, do they truly overlap or are they just using the same subnet? , for example if you have a local 10.0.0.0\8 and the remote site also has a 10.0.0.0\8 but you are only using 10.1.0.1 - 10.3.255.254 on your side but the remote side is using 10.0.1.1 - 10.0.10.254 then you can avoid the overlap by only putting a route for the VPN to say the range 10.0.1.1-10.0.10.254 goes across the tunnel, then obviously do the opposite on the remote device on the other end of the VPN.

  • MichaelBMichaelB Newbie ✭
    @preston, at least 2 remote sites have a 192.186.1.0/24 subnet. The local is 192.168.105.0/24.
  • MitatOngeMitatOnge All-Knowing Sage ✭✭✭✭

    You should do twice nat rule / double nat. I don't have acccess firewall now however I cannot share screenshot but I think below example will be clear.

    create a nat rule for overlaps ips

    example : HQ--->BRANCH

    HQ Firewall Nat rule 1. 

    source : overlap ip 192.168.1.0/24

    translated : new nated ip: 10.10.10.0/24

    destination : destination overlaps nated ip. 10.10.11.0/24

    interface Tunell interface.


    Branch Firewall Nat rule 1.

    Source: 10.10.10.0/24

    Translated : orginal.

    Destination: 10.10.11.0/24

    Destination translated: 192.68.1.0/24

    -----

    Branch Firewall Nat rule 2.

    Source : 192.168.1.0/24

    Source Translated: 10.10.11.0/24

    Destination 10.10.10.0/24

    Destination Translated : Orginal.

    interface : Tunel interface.


    HQ Firewall NAT rule 2.

    Source : 10.10.11.0/24

    Source Translated: orginal

    Destination 10.10.10.0/24

    Destination Translated : 192.168.1.0/24.

    interface : Tunel interface.

Sign In or Register to comment.