Fortinet Forum
Kabalian
New Contributor

multi VPN same network destination

Hi, I have the following problem: I have to connect my office with two different locations via site-to-site VPN.
These locations have the same subnet.

my office: 192.168.0.0/24
site a: 192.168.10.0/24
site b: 192.168.10.0/24

How can I forward traffic to one or the other location?

ede_pfau
Esteemed Contributor III

Uh-oh.

My best advice: have one of the networks redesigned to a different address space. I hope your example is just for illustration, but I've seen 192.168.0.x in use in many places. Address space for private networks is huge, but people tend to always choose the same 3 networks.

Now, if network a or b is not under your control, you will have to use an address space of your own, like 172.27.14.0/24, to communicate with 192.168.10.0/24 in site a (for example). In the policy from your LAN to the VPN interface, you need to apply destination NAT (1:1 if possible), and NAT back onto your address space upon reception. This is well documented in some KB articles ("Site-to-Site VPN with subnet overlap").

Feasible, but a nuisance. If you use 1:1 NAT, then at least the last byte in a /24 is identical, which might help in addressing remote hosts. Of course, setting up your own DNS for remote names and local addresses is useful.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
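
The 1:1 mapping described in the reply above, as an added example that is not part of the original posts: it assigns each overlapping site its own alias subnet, translates addresses in both directions while keeping the host part, and emits local name entries. The `172.27.14.0/23` pool (its first /24 is the one named in the reply), the site names, the `.example` hostnames and the inventory are assumptions made for illustration.

```python
import ipaddress

OFFICE_LAN = ipaddress.ip_network("192.168.0.0/24")  # from the thread
# Remote sites from the thread; both use the same real subnet.
SITES = {"site-a": "192.168.10.0/24", "site-b": "192.168.10.0/24"}
# Assumption: alias subnets are carved from this otherwise unused block.
ALIAS_POOL = ipaddress.ip_network("172.27.14.0/23")

def plan_aliases(sites, pool, local_lan):
    """Give every site its own alias subnet, same size as its real subnet."""
    used = [local_lan] + [ipaddress.ip_network(r) for r in sites.values()]
    plan = {}
    for name, real in sorted(sites.items()):
        real_net = ipaddress.ip_network(real)
        for cand in pool.subnets(new_prefix=real_net.prefixlen):
            if not any(cand.overlaps(u) for u in used):
                plan[name] = (cand, real_net)
                used.append(cand)  # an alias can be handed out only once
                break
        else:
            raise ValueError(f"alias pool exhausted at {name}")
    return plan

def to_alias(plan, site, real_ip):
    """1:1 NAT: keep the host bits, swap the network bits."""
    alias_net, real_net = plan[site]
    ip = ipaddress.ip_address(real_ip)
    if ip not in real_net:
        raise ValueError(f"{ip} is not in {real_net}")
    return alias_net.network_address + (int(ip) - int(real_net.network_address))

def to_real(plan, alias_ip):
    """Reverse direction: which site and real address an alias stands for."""
    ip = ipaddress.ip_address(alias_ip)
    for site, (alias_net, real_net) in plan.items():
        if ip in alias_net:
            return site, real_net.network_address + (int(ip) - int(alias_net.network_address))
    raise LookupError(f"{ip} is not an alias address")

def hosts_lines(plan, inventory):
    """Local name entries: remote host names pointing at alias addresses."""
    return [f"{to_alias(plan, site, ip)}\t{name}.{site}.example"
            for site, name, ip in inventory]

if __name__ == "__main__":
    plan = plan_aliases(SITES, ALIAS_POOL, OFFICE_LAN)
    # Constructed inventory: the same real address exists at both sites.
    inv = [("site-a", "nas", "192.168.10.20"), ("site-b", "nas", "192.168.10.20")]
    print("\n".join(hosts_lines(plan, inv)))
```

The resulting plan is what the NAT objects and static routes on the office firewall would be built from: one alias range per tunnel, so the office routing table never contains the overlapping real subnet twice.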
Kabalian

The problem is this: I would like to connect my office with our customers to be able to do remote assistance. Two of our customers have the same network 192.168.0 / 24.