Overlapping client network

pcanters
Level 1

In the case of a LAN to LAN network with overlapping networks, I can do a NAT statement, but what to do when the VPN client source network overlaps with the destination network AND you are running split tunnelling?

I am trying to figure out what to do here but find very little on this.

For example, suppose my source network is 10.1.x.x (public hotspot) and my destination network at the other end of the VPN tunnel is also 10.1.x.x and I am using a DHCP server on the destination network to assign my addresses to clients connecting in. How does my local machine know whether to route to the local subnet or the VPN subnet?

I suspect that this is the problem I am running into.

What is the best way to handle this?

Should I just not allow split tunnelling?

2 Replies

s.jankowski
Level 4

This document describes how to configure the Cisco Secure PIX Firewall in a site-to-site IPSec VPN with overlapping private network addresses behind VPN gateways. The enhanced Network Address Translation (NAT) feature introduced in PIX 6.2 is used in this example to translate the overlapping networks on each side of the IPSec VPN tunnel to non-overlapping address spaces.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949f1.shtml

Thanks...

I think that I was not clear enough in my question.

What I am really trying to figure out is a VPN client trying to connect to a VPN concentrator with split tunneling enabled and overlapping networks.

I hope this clarifies the original question.
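
The overlap scenario from the question, worked through as an added example that is not part of the original thread or of any Cisco client: a client's routing decision modelled as longest-prefix match with metric as tie-breaker. The /24 hotspot mask, the /16 split-tunnel route, the metrics and the function names are constructed assumptions; the thread only gives 10.1.x.x for both sides.

```python
import ipaddress

def overlapping_tunnel_nets(local_net, tunnel_nets):
    """Return the split-tunnel networks that overlap the client's local subnet."""
    local = ipaddress.ip_network(local_net)
    return [t for t in tunnel_nets if ipaddress.ip_network(t).overlaps(local)]

def pick_route(routes, dest):
    """Model a host route lookup: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    candidates = [r for r in routes if addr in ipaddress.ip_network(r["net"])]
    if not candidates:
        return None
    best = min(
        candidates,
        key=lambda r: (-ipaddress.ip_network(r["net"]).prefixlen, r["metric"]),
    )
    return best["via"]

# Constructed routing table for a client on a hotspot with split tunnelling.
ROUTES = [
    {"net": "0.0.0.0/0",   "via": "local", "metric": 20},  # default route via hotspot
    {"net": "10.1.1.0/24", "via": "local", "metric": 20},  # hotspot subnet (assumed /24)
    {"net": "10.1.0.0/16", "via": "vpn",   "metric": 1},   # split-tunnel route (assumed /16)
]

if __name__ == "__main__":
    # Pre-connect check: flag split-tunnel networks that collide with the local subnet.
    print(overlapping_tunnel_nets("10.1.1.0/24", ["10.1.0.0/16", "192.168.50.0/24"]))
    # A remote server at 10.1.1.25 is shadowed by the more specific local route,
    # so traffic meant for the tunnel leaves in the clear on the hotspot LAN.
    for dest in ("10.1.1.25", "10.1.2.25", "198.51.100.7"):
        print(dest, "->", pick_route(ROUTES, dest))
```

Any remote address that falls inside the more specific local prefix never enters the tunnel in this model, which is the ambiguity the question describes.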