Shinchan
Explorer

How to set up a site-to-site VPN when the internal IP network address is the same on both sides

Peers, can you tell me how to set up a site-to-site VPN in the scenario below?

I did set up a normal site-to-site VPN, but when I ping the Gen2 Console from the Site-1 Console, I get "Reply from 192.168.1.31, Destination host unreachable."

I also applied the static route between 181.43.23.32 and 181.43.23.41, as

set static-route default nexthop gateway address 181.43.23.41 on

and

set static-route default nexthop gateway address 181.43.23.32 on

on the respective server and firewall, Site-1 and Gen2.

 

Screenshot (297).png

0 Kudos
5 Replies
PhoneBoy
Admin

When the same IPs exist on both sides of the VPN, the only way to resolve the issue is with static NAT.
This implies:

  • Local encryption domain uses your IPs
  • Remote encryption domain uses NAT IPs (must be different from local IPs)
  • Remote End has relevant NAT rules

Depending on who needs to initiate VPN traffic, this may need to be done on both ends.

0 Kudos
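The static NAT layout from the answer above, worked through as an added example (not part of the thread and not Check Point configuration). It assumes both sites use 192.168.1.0/24 and uses two constructed NAT ranges, 10.201.1.0/24 for Site-1 and 10.202.1.0/24 for Gen2; the host addresses are constructed as well.

```python
import ipaddress as ip

def static_nat(addr, real_net, nat_net):
    """1:1 static NAT: keep the host offset, swap the network prefix."""
    real_net, nat_net = ip.ip_network(real_net), ip.ip_network(nat_net)
    addr = ip.ip_address(addr)
    if real_net.prefixlen != nat_net.prefixlen:
        raise ValueError("real and NAT networks must be the same size")
    if addr not in real_net:
        raise ValueError(f"{addr} is not inside {real_net}")
    return nat_net.network_address + (int(addr) - int(real_net.network_address))

def plan(site1_real, gen2_real, site1_nat, gen2_nat):
    """Encryption domains per gateway; raises if a NAT range still collides."""
    nets = {"site1_real": ip.ip_network(site1_real),
            "gen2_real": ip.ip_network(gen2_real),
            "site1_nat": ip.ip_network(site1_nat),
            "gen2_nat": ip.ip_network(gen2_nat)}
    # A NAT range must not overlap either real network or the other NAT range.
    for nat in ("site1_nat", "gen2_nat"):
        for name, net in nets.items():
            if name != nat and nets[nat].overlaps(net):
                raise ValueError(f"{nat} {nets[nat]} overlaps {name} {net}")
    # Per the answer: local domain = own real IPs, remote domain = peer's NAT IPs.
    return {"site1": {"local": str(nets["site1_real"]),
                      "remote": str(nets["gen2_nat"])},
            "gen2": {"local": str(nets["gen2_real"]),
                     "remote": str(nets["site1_nat"])}}

def flow(src, dst, src_real, dst_real, src_nat, dst_nat):
    """Tunnel addresses for src -> dst: (source the peer sees, destination the initiator uses)."""
    return (str(static_nat(src, src_real, src_nat)),
            str(static_nat(dst, dst_real, dst_nat)))

# Constructed values: the /24 mask and both NAT ranges are assumptions.
REAL = "192.168.1.0/24"       # same network on both sites
SITE1_NAT = "10.201.1.0/24"   # how Gen2 addresses Site-1 hosts
GEN2_NAT = "10.202.1.0/24"    # how Site-1 addresses Gen2 hosts

if __name__ == "__main__":
    print(plan(REAL, REAL, SITE1_NAT, GEN2_NAT))
    # Site-1 host .10 reaching Gen2 host .20 through the tunnel
    print(flow("192.168.1.10", "192.168.1.20", REAL, REAL, SITE1_NAT, GEN2_NAT))
```

A Site-1 host therefore pings the Gen2 host at its NAT address (10.202.1.20 here), never at 192.168.1.x, which the local stack would treat as on-link.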
Raj9
Explorer

Hello,

Can you explain more about this? How do I create static NAT?

0 Kudos
G_W_Albrecht
Legend

R81.10 Quantum Security Management Administration Guide - Configuring the NAT Policy

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Doremon
Explorer

Dear Shinchan,

Did you sort out the above case? If you did, please share the solution. I am eagerly waiting for your message.

0 Kudos
G_W_Albrecht
Legend

Solution is one of the following:

- as @PhoneBoy suggested, use static NAT (easy for one tunnel, but will be more and more complicated with a higher number of VPNs)

- best solution: use different non-routable networks on each site, no need to use 192.168.1.x everywhere...

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos