Hi, I have the following problem: I have to connect my office with two different locations over a site-to-site VPN.
These locations have the same subnet.
My office: 192.168.0.0/24
Site a: 192.168.10.0/24
Site b: 192.168.10.0/24
How can I forward traffic to one or the other location?
Uh-oh.
My best advice: have one of the networks redesigned to a different address space. I hope your example is just for illustration, but I've seen 192.168.0.x in use in many places. Address space for private networks is huge, but people always tend to choose the same 3 networks.
Now, if network a or b are not under your control, you will have to use an address space of your own, like 172.27.14.0/24, to communicate with 192.168.10.0/24 in site a (for example). In the policy from your LAN to the VPN interface, you need to apply destination NAT (1:1 if possible), and NAT back onto your address space upon reception. This is well documented in some KB articles ("Site-to-Site VPN with subnet overlap").
Feasible, but a nuisance. If you use 1:1 NAT, then at least the last byte in a /24 is identical, which might help addressing remote hosts. Of course, setting up your own DNS for remote names and local addresses is useful.
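The 1:1 mapping described in the reply above, as an added example that is not part of the original thread and not Fortinet code: it checks that the alias subnets cannot collide with the office LAN or with each other, then translates addresses in both directions while keeping the host part. The 172.27.15.0/24 alias for site b and all function names are assumptions made for illustration.

```python
import ipaddress

# Addresses from the thread; the site-b alias 172.27.15.0/24 is an assumed value.
OFFICE_LAN = ipaddress.ip_network("192.168.0.0/24")
SITES = {
    # name: (alias subnet dialled from the office, real remote subnet)
    "site-a": (ipaddress.ip_network("172.27.14.0/24"), ipaddress.ip_network("192.168.10.0/24")),
    "site-b": (ipaddress.ip_network("172.27.15.0/24"), ipaddress.ip_network("192.168.10.0/24")),
}

def validate_plan(office, sites):
    """Return a list of problems that would make routing ambiguous."""
    problems = []
    aliases = [(name, alias) for name, (alias, _) in sites.items()]
    for name, (alias, real) in sites.items():
        if alias.prefixlen != real.prefixlen:
            problems.append(f"{name}: alias and real subnet differ in size, 1:1 NAT impossible")
        if alias.overlaps(office):
            problems.append(f"{name}: alias {alias} overlaps office LAN {office}")
    for i, (n1, a1) in enumerate(aliases):
        for n2, a2 in aliases[i + 1:]:
            if a1.overlaps(a2):
                problems.append(f"{n1} and {n2}: aliases {a1} and {a2} overlap")
    return problems

def _remap(addr, src, dst):
    """Keep the host bits of addr, swap the network bits from src to dst."""
    addr = ipaddress.ip_address(addr)
    if addr not in src:
        raise ValueError(f"{addr} is not inside {src}")
    offset = int(addr) - int(src.network_address)
    return ipaddress.ip_address(int(dst.network_address) + offset)

def to_real(alias_addr, sites):
    """Destination NAT: alias address dialled from the office -> (site, real address)."""
    addr = ipaddress.ip_address(alias_addr)
    for name, (alias, real) in sites.items():
        if addr in alias:
            return name, _remap(addr, alias, real)
    raise ValueError(f"{addr} does not belong to any site alias")

def to_alias(site, real_addr, sites):
    """Reverse direction: real remote address -> address the office sees."""
    alias, real = sites[site]
    return _remap(real_addr, real, alias)

if __name__ == "__main__":
    print(validate_plan(OFFICE_LAN, SITES))
    print(to_real("172.27.15.20", SITES))
```

The same table can feed the local DNS zone the reply suggests, with remote host names pointing at the alias addresses rather than the real ones.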
The problem is this: I would like to connect my office with our customers to be able to do remote assistance. Two of our customers have an equal network 192.168.0 / 24.
Copyright 2024 Fortinet, Inc. All Rights Reserved.