Sunday, February 27, 2011

Checkpoint site-to-site VPN with overlapping VPN domain

If both sides of a site-to-site VPN use the same IP subnet, we have to set up a scenario similar to the one below.

Site A and Site B both use the 192.168.0.0/24 subnet.

Site A                               Site B
LAN_A 192.168.0.0/24                 LAN_B 192.168.0.0/24
we will NAT to 172.16.0.0/24         and we will NAT to 10.0.0.0/24


Site A VPN domain = LAN_A and NAT_Net A
Firewall object that represents the Site B VPN domain = NAT_NETB_10.0.0.0

    Add the static NAT at Site A


Site B VPN domain = LAN_B and NAT_Net B
Firewall object that represents the Site A VPN domain = NAT_NETA_172.16.0.0

    Add the static NAT at Site B
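
The address plan above can be checked before it is entered on the gateways. The following is an added example, not part of the original post and not Check Point code: it validates that the NAT networks do not collide with the shared LAN or with each other, and traces which addresses a packet from Site A to Site B carries. The function names are hypothetical, and it assumes each gateway applies a 1:1 static NAT to its own LAN (source translated at Site A, destination translated back at Site B).

```python
import ipaddress

# Addresses from the post; the function names below are hypothetical.
LAN = ipaddress.ip_network("192.168.0.0/24")    # LAN_A and LAN_B (identical)
NAT_A = ipaddress.ip_network("172.16.0.0/24")   # how Site A appears to Site B
NAT_B = ipaddress.ip_network("10.0.0.0/24")     # how Site B appears to Site A

def static_nat(addr, real_net, nat_net):
    """1:1 static NAT: keep the host offset, swap the network prefix."""
    addr = ipaddress.ip_address(addr)
    if addr not in real_net:
        raise ValueError(f"{addr} is not in {real_net}")
    if real_net.prefixlen != nat_net.prefixlen:
        raise ValueError("static NAT needs networks of equal size")
    return nat_net[int(addr) - int(real_net.network_address)]

def check_plan(lan, nat_a, nat_b):
    """Return a list of problems that would leave the VPN domains ambiguous."""
    problems = []
    for name, net in (("NAT_Net A", nat_a), ("NAT_Net B", nat_b)):
        if net.overlaps(lan):
            problems.append(f"{name} {net} overlaps the shared LAN {lan}")
        if net.prefixlen != lan.prefixlen:
            problems.append(f"{name} {net} is not the same size as {lan}")
    if nat_a.overlaps(nat_b):
        problems.append(f"NAT_Net A {nat_a} overlaps NAT_Net B {nat_b}")
    return problems

def a_to_b(src_host, dst_nat_addr):
    """Trace a packet from a Site A host to a Site B host.

    Assumption: Site A's gateway translates the source before encryption and
    Site B's gateway translates the destination after decryption.
    """
    tunnel_src = static_nat(src_host, LAN, NAT_A)       # static NAT at Site A
    tunnel_dst = ipaddress.ip_address(dst_nat_addr)     # must be in NAT_Net B
    delivered_dst = static_nat(tunnel_dst, NAT_B, LAN)  # static NAT at Site B
    return str(tunnel_src), str(tunnel_dst), str(delivered_dst)

if __name__ == "__main__":
    print(check_plan(LAN, NAT_A, NAT_B))        # constructed sample run
    print(a_to_b("192.168.0.5", "10.0.0.7"))
```

A Site A host reaches a Site B host by its NAT_Net B address, never by 192.168.0.x, which is why each side's peer object is the other side's NAT network rather than its real LAN.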