10-02-2002 05:30 PM - edited 02-21-2020 12:05 PM
Hi,
If I use public range IP address (eg 100.100.x.x) for my office network and I intended to use VPN to connect to my remote office. Will that post an issue? Will the be any impact?
My concern is that I might be sending out legel IP addresses to the internet which might cause a conflict. Can anyone clear my doubt about this.
Thank you!!!
Solved! Go to Solution.
10-02-2002 07:19 PM
Hello,
If you are going to make a VPN Lan to Lan (site-to-site) tunnel b/w your remote office and your office, it wont cause any problem if you have public (routable) IP addresses configured on your inside LAN at your office location, because by default IPSec Tunnel mode is used when you configure LAN to LAN tunnels, tunnel mode adds an extra routeable header, this header has source and destination IP addresses based on your local and remote IKE peer IP addresses, instead of your inside IPs, your inside IPs remain hidden inside the tunnel header, no matter what IP addresses they contain.
So its possible without any impact.
Thanks,
Afaq
10-02-2002 07:19 PM
Hello,
If you are going to make a VPN Lan to Lan (site-to-site) tunnel b/w your remote office and your office, it wont cause any problem if you have public (routable) IP addresses configured on your inside LAN at your office location, because by default IPSec Tunnel mode is used when you configure LAN to LAN tunnels, tunnel mode adds an extra routeable header, this header has source and destination IP addresses based on your local and remote IKE peer IP addresses, instead of your inside IPs, your inside IPs remain hidden inside the tunnel header, no matter what IP addresses they contain.
So its possible without any impact.
Thanks,
Afaq
10-02-2002 07:58 PM
Hi Afaq,
Thank for clearing my doubt. Really aprreciate that.
Regards
LS Ang
10-02-2002 09:09 PM
Hi Afaq,
Just one more question. Does VPN works well with NAT? Let's say my remote site needs to do NAT whenever it needs to access to my network.
Thanks..
Regards
LS ang
10-03-2002 08:33 AM
Hi,
Yeah, NATing is fine, if you have an overlapped network across the tunnel.
Make sure that your crypto ACLs have NATed (after NAT IPs) in them, so that you can encrypt traffic after NATing.
Thanks,
Afaq
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: