So I am going back and forth with another technician that works for a different company. In a nutshell we need to set up a VPN between our locations to send data from one workstation on our network (192.168.1.x) to his newly created server at his location. I asked him if he could change his IP subnet to something other than 192.168.1.x as that would cause a problem routing traffic over the VPN. His reply was as follows:
"192.168.x.x are standard internal IP addresses and there should not be any issue as long as you write your persistent IP table entries correctly to route through our VPN tunnel; if needed. Our VPNs use 10.x.x.x as internal VLAN IPs and it's through these you should write your IP Table routes. This is not a layer of complexity it is "networking 101". At my home I have a PC with 192.168.1.31 and can pull images from the Image Server at 192.168.1.31 through the VPN gateway with no issue. They are on two different networks separated by a gateway; there is no conflict."
I would like to use a standard site-to-site hardware VPN between our firewalls, but this guy is asking me to install OpenVPN on our workstation. How can he say his home computer is on 192.168.1.31 and he accesses a server on 192.168.1.31 over the VPN? Could he have created a static mapping to a 10.x.x.x IP for the gateway and then the VPN is in some way doing a NAT translation to the other end of the tunnel? Even that doesn't make a lot of sense because his computer would have to be on the 10.x network to access a gateway set to that address.
I like to think I am not totally crazy as the OpenVPN documentation pretty much confirms what I think.
I am not sure regarding OpenVPN, but regarding this statement:
"How can he say his home computer is on 192.168.1.31 and he accesses a server on 192.168.1.31 over the VPN? Could he have created a static mapping to a 10.x.x.x IP for the gateway and then the VPN is in some way doing a NAT translation to the other end of the tunnel"
I agree with you, but it is possible to NAT it while it goes to the other VPN site, so you can have both hosts with the same private IP address, as the other host does not see it like that.
Rate helpful posts!
Julio Carvajal Senior Network Security and Core Specialist CCIE #42930, 2xCCNP, JNCIP-SEC
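Added example, not part of the original thread: a small Python check of the routing decision being argued about, and of the 1:1 NAT mapping the reply describes. The /24 masks and the 10.8.1.0/24 and 10.8.2.0/24 alias ranges are constructed assumptions; only 192.168.1.x, 192.168.1.31 and "10.x.x.x" come from the posts.

```python
import ipaddress

def is_on_link(local_if: str, dst: str) -> bool:
    """True if a host with address/mask local_if treats dst as on its own LAN
    (it ARPs for it locally and never hands the packet to a gateway or tunnel)."""
    return ipaddress.ip_address(dst) in ipaddress.ip_interface(local_if).network

def overlaps(net_a: str, net_b: str) -> bool:
    """True if two site LANs share any addresses, so plain routing is ambiguous."""
    return ipaddress.ip_network(net_a).overlaps(ipaddress.ip_network(net_b))

def netmap(addr: str, real_net: str, alias_net: str) -> str:
    """1:1 NAT: keep the host bits of addr, swap the network bits to alias_net."""
    real = ipaddress.ip_network(real_net)
    alias = ipaddress.ip_network(alias_net)
    ip = ipaddress.ip_address(addr)
    if real.prefixlen != alias.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    if ip not in real:
        raise ValueError(f"{addr} is not inside {real_net}")
    return str(alias.network_address + (int(ip) - int(real.network_address)))

def plan(local_if, remote_host, remote_net, local_alias, remote_alias):
    """Summarise what each end must use once both LANs are hidden behind aliases."""
    local = ipaddress.ip_interface(local_if)
    return {
        "lans_overlap": overlaps(str(local.network), remote_net),
        "direct_dst_stays_local": is_on_link(local_if, remote_host),
        # Address the local workstation must target to reach the remote server.
        "dial_instead": netmap(remote_host, remote_net, remote_alias),
        # Source address the remote server sees for the local workstation.
        "seen_as": netmap(str(local.ip), str(local.network), local_alias),
    }

if __name__ == "__main__":
    # Constructed scenario from the thread: both ends use 192.168.1.31 (mask assumed /24).
    result = plan(
        local_if="192.168.1.31/24",
        remote_host="192.168.1.31",
        remote_net="192.168.1.0/24",
        local_alias="10.8.1.0/24",   # assumed alias range for our site
        remote_alias="10.8.2.0/24",  # assumed alias range for his site
    )
    for key, value in result.items():
        print(f"{key}: {value}")
```

The workstation can only reach the remote 192.168.1.31 by addressing its alias (10.8.2.31 here), which falls outside the local subnet and therefore gets routed into the tunnel, where the VPN endpoint translates it back.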