joe.favia Tue, 04/22/2008 - 02:29

Hi,

I've got the same kind of problem. Our 2 servers will be hosted at a remote site and we want to keep IP addresses the same at both ends both because of licensing constraints and unwanted reconfiguration of applications/devices.


I've got an idea of using ASAs on both networks, each with their own 10.1.1.0/24 network. There are no duplicate IP numbers anywhere on the networks.


The ASA on the client network will use proxy ARP to publish the IP address of the remote server, which will belong to the local network (10.1.1.100 for example). I'd like to encrypt the communication and send it through the VPN to the remote peer on the network. Can the host address be part of the Remote network even though it is also part of the local network?


If this is possible, can I also run NAT on the packets in order to avoid further complications in reaching the gateway on the remote peer machine?

cgiulini Tue, 04/29/2008 - 13:22

I am looking at this too; essentially trying to extend a bridge across an IPSEC tunnel. Bidirectional traffic would be desirable. I am about to start working this out in the lab. I'll let you know if I have any success - I suspect there is a good reason I'm missing as to why this isn't going to work.


Upon a little further consideration, the only way I can see this working would be to bridge using GRE through the IPSEC tunnel. Unfortunately that's overkill for the problem I'm trying to solve.
