site to site vpn

 
 
Bruce Fournier
 
      07-11-2003
Hello all,
We are currently terminating vpn connections from client sites in our dmz
area and then letting their traffic pass through our firewall. The circuits
and routers that the vpns terminate on are owned by the clients and are
located at our facility. We are currently using the 10.0.0.0 address space
and so are some of our clients. I can foresee a time when we might have a
problem with this if a client has a host at 10.0.0.1 and if we have a host
at 10.0.0.1 and we try to connect to the client's host our router will think
the host is on the local subnet and not route the packet to the client host.
This problem could also arise if two of our clients are using the same IP
address the router won't know where to forward the packet and could cause a
loop. Is there any other way around this than getting some public address
space and doing statics and conduits through a pix?
Any ideas or suggestions ?!?
Thanks in advance


 
 
 
 
 
Michael T. Hall
 
      07-11-2003
Look into "dual NAT," where you assign aliases at each end of the tunnel for
specific address ranges.

http://www.cisco.com/en/US/products/...6.html#1025970

Michael


"Bruce Fournier" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hello all,
> We are currently terminating vpn connections from client sites in our dmz
> area and then letting their traffic pass through our firewall. The circuits
> and routers that the vpns terminate on are owned by the clients and are
> located at our facility. We are currently using the 10.0.0.0 address space
> and so are some of our clients. I can foresee a time when we might have a
> problem with this if a client has a host at 10.0.0.1 and if we have a host
> at 10.0.0.1 and we try to connect to the client's host our router will think
> the host is on the local subnet and not route the packet to the client host.
> This problem could also arise if two of our clients are using the same IP
> address the router won't know where to forward the packet and could cause a
> loop. Is there any other way around this than getting some public address
> space and doing statics and conduits through a pix?
> Any ideas or suggestions ?!?
> Thanks in advance
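The "dual NAT" suggestion above, sketched as an added example that is not part of the original thread: it finds which sites have overlapping real ranges and gives each one a unique alias block with a 1:1 host mapping, so both hosts numbered 10.0.0.1 become distinct addresses. The site names, subnets and the 172.16.0.0/12 alias pool are constructed assumptions.

```python
import ipaddress

# Constructed sample data: site names, subnets and the alias pool are assumptions.
SITES = {
    "local":    ipaddress.ip_network("10.0.0.0/24"),
    "client_a": ipaddress.ip_network("10.0.0.0/24"),
    "client_b": ipaddress.ip_network("10.0.0.0/16"),
    "client_c": ipaddress.ip_network("192.168.50.0/24"),
}
ALIAS_POOL = ipaddress.ip_network("172.16.0.0/12")

def find_overlaps(sites):
    """Return every pair of sites whose real address ranges overlap."""
    names = sorted(sites)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if sites[a].overlaps(sites[b])]

def assign_aliases(sites, pool):
    """Give each conflicting site a same-sized alias block that is unique
    across all tunnels and collides with no real range in use."""
    conflicted = sorted({name for pair in find_overlaps(sites) for name in pair})
    taken = list(sites.values())
    aliases = {}
    for name in conflicted:
        real = sites[name]
        for candidate in pool.subnets(new_prefix=real.prefixlen):
            if not any(candidate.overlaps(t) for t in taken):
                aliases[name] = candidate
                taken.append(candidate)
                break
        else:
            raise ValueError(f"alias pool exhausted for {name}")
    return aliases

def translate(addr, real, alias):
    """Static 1:1 mapping: keep the host offset, swap the network part."""
    ip = ipaddress.ip_address(addr)
    if ip not in real:
        raise ValueError(f"{ip} is not inside {real}")
    return alias[int(ip) - int(real.network_address)]

if __name__ == "__main__":
    aliases = assign_aliases(SITES, ALIAS_POOL)
    for a, b in find_overlaps(SITES):
        print(f"overlap: {a} {SITES[a]} <-> {b} {SITES[b]}")
    for name, alias in aliases.items():
        print(f"{name}: 10.0.0.1 is reached as {translate('10.0.0.1', SITES[name], alias)}")
```

Sites without a conflict (client_c here) keep their real addresses; only the overlapping ranges need translation at the tunnel endpoints.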



 
 
 
 
 
/dev/alex
 
      07-13-2003
On Fri, 11 Jul 2003 19:48:22 +0000, Michael T. Hall wrote:

> Look into "dual NAT," where you assign aliases at each end of the tunnel
> for specific address ranges.
>
> http://www.cisco.com/en/US/products/...6.html#1025970
>
> Michael
>
>
> "Bruce Fournier" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Hello all,
>> We are currently terminating vpn connections from client sites in our
>> dmz area and then letting their traffic pass through our firewall. The
>> circuits and routers that the vpns terminate on are owned by the clients
>> and are located at our facility. We are currently using the 10.0.0.0
>> address space and so are some of our clients. I can foresee a time when
>> we might have a problem with this if a client has a host at 10.0.0.1 and
>> if we have a host at 10.0.0.1 and we try to connect to the client's host
>> our router will think the host is on the local subnet and not route the
>> packet to the client host.
>> This problem could also arise if two of our clients are using the same
>> IP address the router won't know where to forward the packet and could
>> cause a loop. Is there any other way around this than getting some public
>> address space and doing statics and conduits through a pix? Any ideas or
>> suggestions ?!?
>> Thanks in advance


CIPE can do this fine.

-a
 
 
Bruce Fournier
 
      07-14-2003
Thank you for your reply, that is one that I hadn't thought of.

"Michael T. Hall" <(E-Mail Removed)> wrote in message
news:awEPa.36913$N7.3778@sccrnsc03...
> Look into "dual NAT," where you assign aliases at each end of the tunnel for
> specific address ranges.
>
> http://www.cisco.com/en/US/products/...6.html#1025970
>
> Michael
>
>
> "Bruce Fournier" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Hello all,
> > We are currently terminating vpn connections from client sites in our dmz
> > area and then letting their traffic pass through our firewall. The circuits
> > and routers that the vpns terminate on are owned by the clients and are
> > located at our facility. We are currently using the 10.0.0.0 address space
> > and so are some of our clients. I can foresee a time when we might have a
> > problem with this if a client has a host at 10.0.0.1 and if we have a host
> > at 10.0.0.1 and we try to connect to the client's host our router will think
> > the host is on the local subnet and not route the packet to the client host.
> > This problem could also arise if two of our clients are using the same IP
> > address the router won't know where to forward the packet and could cause a
> > loop. Is there any other way around this than getting some public address
> > space and doing statics and conduits through a pix?
> > Any ideas or suggestions ?!?
> > Thanks in advance



 