Is It Possible To Route Traffic Through A VPN Between Two Networks With The Same Subnet If So How?
Presently I am working as a network administrator at TCS, where I manage the campus data centre,
building switching infrastructure and security devices. I used to provide end-to-end, cost-effective and
secure solutions to offshore projects, configuring site-to-site VPNs and remote access VPNs for offshore users
as well as configuring the SSL VPN gateway for 'work from home' users.
Maintaining the firewall rule base and other security benchmarks, mitigating all security-related
vulnerabilities and handling all connectivity-related issues for offshore projects, as well as participating in
their network audits.
Is it possible to route traffic through a VPN between two networks with the same subnet? If so, how?
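If the local network and the remote network are on the same subnet, it is not possible to build a tunnel
between the two sites, because all packets are routed based on the destination IP address. Before
routing occurs, the device determines whether the destination IP address is available on the local network or
not. An address in the remote network falls inside the local subnet, so it is treated as local and the
traffic is never sent towards the tunnel.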
How do you configure a tunnel for overlapping addresses in Palo Alto?
There is no way for the traffic to route over the VPN tunnel, as the same network exists on both sides
of the tunnel.
The only way to resolve this is Dynamic NAT in both directions, with two different pools that don't
conflict with the 10.10.10.0/24 address. For example, you might translate 10.10.11.0/24 to 10.10.10.0/24 on the
corp side and 10.10.12.0/24 to 10.10.10.0/24 on the client side, or something like that.
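The two answers above (the local-delivery decision and the double NAT with non-conflicting pools) can be traced in a short script. This is an added example, not part of the original document and not Palo Alto configuration. It assumes a static 1:1 mapping that keeps the host part of the address instead of a dynamic pool, and the host addresses .5 and .20 and all function names are constructed for illustration.

```python
import ipaddress

# Constructed addressing, taken from the pools named in the text above.
REAL = ipaddress.ip_network("10.10.10.0/24")          # subnet in use at BOTH sites
CORP_ALIAS = ipaddress.ip_network("10.10.11.0/24")    # corp hosts as seen from the client side
CLIENT_ALIAS = ipaddress.ip_network("10.10.12.0/24")  # client hosts as seen from the corp side

def is_on_link(dst, local_net=REAL):
    """True if a sender in local_net treats dst as local and never hands it to the gateway."""
    return ipaddress.ip_address(dst) in local_net

def pools_conflict():
    """The alias pools must not overlap the real subnet or each other."""
    nets = [REAL, CORP_ALIAS, CLIENT_ALIAS]
    return any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])

def remap(addr, from_net, to_net):
    """Assumption: static 1:1 translation that preserves the host part."""
    ip = ipaddress.ip_address(addr)
    if ip not in from_net:
        raise ValueError(f"{ip} is not in {from_net}")
    return str(to_net.network_address + (int(ip) - int(from_net.network_address)))

def corp_to_client(src_real, dst_alias):
    """Trace a packet from a corp host to a client host addressed by its alias.
    Returns ((src, dst) inside the tunnel, (src, dst) on the client LAN)."""
    if is_on_link(dst_alias):
        raise ValueError("destination looks local; the packet never reaches the VPN gateway")
    # Corp firewall: source NAT, real address -> CORP_ALIAS
    in_tunnel = (remap(src_real, REAL, CORP_ALIAS), dst_alias)
    # Client firewall: destination NAT, CLIENT_ALIAS -> real address
    on_client_lan = (in_tunnel[0], remap(dst_alias, CLIENT_ALIAS, REAL))
    return in_tunnel, on_client_lan

if __name__ == "__main__":
    print(is_on_link("10.10.10.20"))  # remote host addressed directly: treated as local
    print(corp_to_client("10.10.10.5", "10.10.12.20"))
```

Inside the tunnel neither address belongs to 10.10.10.0/24, so both firewalls can route the packet and the reply without ambiguity.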
Phase 1 and Phase 2 are up, but the hosts behind the peer are not reachable?
This occasionally happens on a site-to-site IPSec VPN between a Palo Alto Networks device and another
device. If the tunnel interface is in the untrust zone, traffic leaving the tunnel is NATed to the
public IP by the default NAT rule on the Palo Alto Networks device.
Resolution
There are two options to resolve this issue:
Move the tunnel interface to one of the trust zones, so that the traffic will not get NATed while
leaving the tunnel.
Create a No-NAT rule for traffic from the tunnel zones to those destination addresses behind the
peer.
RSA ?
SIC in Check Point
The SIC layer provides a secure internal communication method between Check Point software
entities. Authority (status, issue, revoke). Port 18210 is used to pull certificates from the CA.
How does AnyConnect VPN work? Steps for a user to connect to the VPN gateway and access internal applications