- CheckMates
- :
- Products
- :
- Quantum
- :
- Security Gateways
- :
- How to set site to site VPN when the internal ip n...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to set site to site VPN when the internal ip network address is same on both side
Peers can you tell me How to set Site to Site VPN in the below Scenario
I did setup normal site to site VPN but when I am pinging Gen2 Console from Site-1 Console, I am getting, "Reply from 192.168.1.31, Destination host unreachable."
I also applied the static route between 181.43.23.32 and 181.43.23.41
as Set static-route default nexthop gateway address 181.43.23.41 on
& Set static-route default nexthop gateway address 181.43.23.32 on , respective server and firewall, site 1 and gen2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When the same IPs exist on both sides of the VPN, the only way to resolve the issue is with static NAT.
This implies:
- Local encryption domain uses your IPs
- Remote encryption domain uses NAT IPs (must be different from local IPs)
- Remote End has relevant NAT rules
Depending on who needs to initiate VPN traffic, this may need to be done on both ends.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
Can you explain more about this. How to create static NAT
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
R81.10 Quantum Security Management Administration Guide - Configuring the NAT Policy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear Shinchan
Did you sort the above case if you sort please share the solution i am eargly waiting to your message
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Solution is one of the following:
- as @PhoneBoy suggested, use static NAT (easy for one tunnel, but will be more and more complicated with higher number of VPNs)
- best solution: use different non-routable networks on each site, no need to use 192.168.1.x everywhere...