Normally, when setting up a policy-based IPSec VPN, NAT is disabled for the networks in the tunnel policy so that they can communicate as if they were on the same private network. This works well for internal VPNs, but not as smoothly for B2B/Extranet VPNs for the exact reasons you've given.
If you terminate the tunnel using the same IPv4 address that you use to source the VPN traffic and ensure that NAT remains enabled for the VPN, you should be able to use NAT and avoid having to re-address.
I haven't worked with an RV042 in a bit so I'm unsure if it has that flexibility, but that's the first angle I would pursue.
We terminated the VPN tunnel with a non-RFC 1918 IP address (203.x.x.x) to comply with the client company. They want to make sure that interesting traffic is routed to a registered IP address. The IP address of the RV042 is still 192.168.1.2 while the VPN local group is set to 203.x.x.x.
For the RV042 to see the 203.x.x.x network, I added 203.x.x.x in the Multiple Subnet Setting in the RV042.
In our network, we have 2 routers (192.168.1.1 and 192.168.1.2) connected on the same switch. We use 192.168.1.1 as the default gateway and DHCP server. We can also use 192.168.1.2 if I manually configure it on the workstation.
I was thinking of adding a static route to our workstations to use 192.168.1.2 to go to the 203.x.x.x VPN tunnel. I am not sure if this will work but I want to know if I am on the right track.
I am also not sure how the Multiple Subnet Setting works on the RV042.
Will these make me avoid changing our LAN IP addresses to 203.x.x.x?
I would put the route on the 192.168.1.1 router with 192.168.1.2 as the gateway. This saves you from reconfiguring all of the workstations. When they send a packet to their default gateway, they will either get an ICMP redirect to the correct router or the default gateway router will manually reroute the traffic depending on the configuration.
As long as the RV042 is performing NAT on the VPN traffic, which it should be doing if everything is terminating on its external IPv4 address, there should be no need to renumber anything internally... but it's worth testing first, of course.
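An added example, not part of the thread and not taken from any router's firmware: a small model of the two outcomes described in the reply above when the route is placed on 192.168.1.1. It assumes a 192.168.1.0/24 LAN, uses 203.0.113.0/24 (a documentation range) as a constructed stand-in for the elided 203.x.x.x network, and the function names and the `send_redirects` switch are hypothetical.

```python
import ipaddress

# Constructed values: 203.0.113.0/24 stands in for the thread's 203.x.x.x
# network; the LAN is assumed to be 192.168.1.0/24.
LAN = ipaddress.ip_network("192.168.1.0/24")

# Routing table as it would look on the 192.168.1.1 default gateway after
# adding the suggested static route. A next hop of None means "WAN uplink".
ROUTES = [
    (ipaddress.ip_network("203.0.113.0/24"), ipaddress.ip_address("192.168.1.2")),
    (ipaddress.ip_network("0.0.0.0/0"), None),
]

def lookup(dst):
    """Longest-prefix match over ROUTES; returns the next hop or None."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in ROUTES if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def gateway_decision(src, dst, send_redirects=True):
    """What the default gateway does with a packet a workstation hands it."""
    src = ipaddress.ip_address(src)
    hop = lookup(dst)
    if hop is None:
        return ("forward-wan", None)
    # The next hop is on the same LAN the packet came from, so the packet
    # leaves through the interface it arrived on. A router with redirects
    # enabled forwards it and also tells the sender to use the better
    # first hop directly; with redirects disabled it only forwards.
    if src in LAN and hop in LAN and send_redirects:
        return ("forward-and-redirect", str(hop))
    return ("forward-lan", str(hop))

if __name__ == "__main__":
    for flag in (True, False):
        print(flag, gateway_decision("192.168.1.50", "203.0.113.10", flag))
    print(gateway_decision("192.168.1.50", "8.8.8.8"))
```

Either way the workstation keeps 192.168.1.1 as its only configured gateway; the difference is whether later packets go straight to 192.168.1.2 or keep passing through 192.168.1.1 first.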