site to site vpn

Discussion in 'Cisco' started by Bruce Fournier, Jul 11, 2003.

  1. Hello all,
    We are currently terminating vpn connections from client sites in our dmz
    area and then letting their traffic pass through our firewall. The circuits
    and routers that the vpns terminate on are owned by the clients and are
    located at our facility. We are currently using the 10.0.0.0 address space
    and so are some of our clients. I can foresee a time when we might have a
    problem with this if a client has a host at 10.0.0.1 and if we have a host
    at 10.0.0.1 and we try to connect to the client's host our router will think
    the host is on the local subnet and not route the packet to the client host.
    This problem could also arise if two of our clients are using the same IP
    address the router won't know where to forward the packet and could cause a
    loop. Is there any other way around this than getting some public address
    space and doing statics and conduits through a pix?
    Any ideas or suggestions ?!?
    Thanks in advance
    Bruce Fournier, Jul 11, 2003
    #1

  2. Look into "dual NAT," where you assign aliases at each end of the tunnel for
    specific address ranges.

    http://www.cisco.com/en/US/products...eference_chapter09186a00800ec9e6.html#1025970

    Michael


    "Bruce Fournier" <> wrote in message
    news:...
    > Hello all,
    > We are currently terminating vpn connections from client sites in our dmz
    > area and then letting their traffic pass through our firewall. The circuits
    > and routers that the vpns terminate on are owned by the clients and are
    > located at our facility. We are currently using the 10.0.0.0 address space
    > and so are some of our clients. I can foresee a time when we might have a
    > problem with this if a client has a host at 10.0.0.1 and if we have a host
    > at 10.0.0.1 and we try to connect to the client's host our router will think
    > the host is on the local subnet and not route the packet to the client host.
    > This problem could also arise if two of our clients are using the same IP
    > address the router won't know where to forward the packet and could cause a
    > loop. Is there any other way around this than getting some public address
    > space and doing statics and conduits through a pix?
    > Any ideas or suggestions ?!?
    > Thanks in advance
    Michael T. Hall, Jul 11, 2003
    #2
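
Added example (not part of any post in this thread): a Python model of the bookkeeping behind the dual-NAT suggestion in reply #2. It finds the sites whose subnets collide, gives each one a unique alias range, and returns the addresses a packet carries inside the tunnel after 1:1 translation. The site names, subnets and the 172.16.0.0/16 alias pool are constructed assumptions.

```python
import ipaddress

# Constructed sample data: site names, subnets and the alias pool are assumptions.
SITES = {name: ipaddress.ip_network(cidr) for name, cidr in {
    "hosting": "10.0.0.0/24",       # our own network
    "client_a": "10.0.0.0/24",      # same range as ours
    "client_b": "10.0.0.0/24",      # same range as client_a
    "client_c": "192.168.50.0/24",  # no collision
}.items()}
ALIAS_POOL = ipaddress.ip_network("172.16.0.0/16")

def find_overlaps(sites):
    """Return every pair of site names whose subnets overlap."""
    names = sorted(sites)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if sites[a].overlaps(sites[b])]

def assign_aliases(sites, pool):
    """Give each colliding site a unique alias subnet of the same size."""
    colliding = sorted({n for pair in find_overlaps(sites) for n in pair})
    taken = list(sites.values())  # aliases must not collide with real ranges
    aliases = {}
    for name in colliding:
        for cand in pool.subnets(new_prefix=sites[name].prefixlen):
            if not any(cand.overlaps(t) for t in taken):
                aliases[name] = cand
                taken.append(cand)
                break
        else:
            raise ValueError(f"alias pool exhausted at {name}")
    return aliases

def remap(addr, from_net, to_net):
    """1:1 translation that keeps the host offset (real to alias, or back)."""
    ip = ipaddress.ip_address(addr)
    if ip not in from_net:
        raise ValueError(f"{ip} is not in {from_net}")
    return to_net.network_address + (int(ip) - int(from_net.network_address))

def tunnel_headers(src, dst, sites, aliases):
    """Addresses seen inside the tunnel for (site, ip) source and destination."""
    def on_wire(site, ip):
        alias = aliases.get(site)
        return str(remap(ip, sites[site], alias) if alias else ipaddress.ip_address(ip))
    return on_wire(*src), on_wire(*dst)

if __name__ == "__main__":
    aliases = assign_aliases(SITES, ALIAS_POOL)
    print(find_overlaps(SITES))
    print(tunnel_headers(("hosting", "10.0.0.1"), ("client_a", "10.0.0.1"), SITES, aliases))
```
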

  3. Bruce Fournier

    /dev/alex Guest

    On Fri, 11 Jul 2003 19:48:22 +0000, Michael T. Hall wrote:

    > Look into "dual NAT," where you assign aliases at each end of the tunnel
    > for specific address ranges.
    >
    > http://www.cisco.com/en/US/products...eference_chapter09186a00800ec9e6.html#1025970
    >
    > Michael
    >
    >
    > "Bruce Fournier" <> wrote in message
    > news:...
    >> Hello all,
    >> We are currently terminating vpn connections from client sites in our
    >> dmz area and then letting their traffic pass through our firewall. The
    >> circuits and routers that the vpns terminate on are owned by the clients
    >> and are located at our facility. We are currently using the 10.0.0.0
    >> address space and so are some of our clients. I can foresee a time when
    >> we might have a problem with this if a client has a host at 10.0.0.1 and
    >> if we have a host at 10.0.0.1 and we try to connect to the client's host
    >> our router will think the host is on the local subnet and not route the
    >> packet to the client host.
    >> This problem could also arise if two of our clients are using the same
    >> IP address the router won't know where to forward the packet and could
    >> cause a loop. Is there any other way around this than getting some public
    >> address space and doing statics and conduits through a pix? Any ideas or
    >> suggestions ?!?
    >> Thanks in advance


    CIPE can do this fine.

    -a
    /dev/alex, Jul 13, 2003
    #3
  4. Thank you for your reply, that is one that I hadn't thought of.

    "Michael T. Hall" <> wrote in message
    news:awEPa.36913$N7.3778@sccrnsc03...
    > Look into "dual NAT," where you assign aliases at each end of the tunnel for
    > specific address ranges.
    >
    > http://www.cisco.com/en/US/products...eference_chapter09186a00800ec9e6.html#1025970
    >
    > Michael
    >
    >
    > "Bruce Fournier" <> wrote in message
    > news:...
    > > Hello all,
    > > We are currently terminating vpn connections from client sites in our dmz
    > > area and then letting their traffic pass through our firewall. The circuits
    > > and routers that the vpns terminate on are owned by the clients and are
    > > located at our facility. We are currently using the 10.0.0.0 address space
    > > and so are some of our clients. I can foresee a time when we might have a
    > > problem with this if a client has a host at 10.0.0.1 and if we have a host
    > > at 10.0.0.1 and we try to connect to the client's host our router will think
    > > the host is on the local subnet and not route the packet to the client host.
    > > This problem could also arise if two of our clients are using the same IP
    > > address the router won't know where to forward the packet and could cause a
    > > loop. Is there any other way around this than getting some public address
    > > space and doing statics and conduits through a pix?
    > > Any ideas or suggestions ?!?
    > > Thanks in advance
    Bruce Fournier, Jul 14, 2003
    #4