You can double-NAT on one side of the tunnel to avoid any NAT whatsoever on the other side when an IP overlap is present, but it is difficult to set up and will involve configuring policy-based routing (PBR) and messing around with antispoofing to make it work with NAT.

Let me illustrate. Assume you are Site A, and Site A initiates connections to Site B through the VPN tunnel. Here is the setup:

- Internal network: 192.168.1.0/24, interface eth0
- External network: (some ISP routable block), interface eth1
- NAT overlay network: 172.16.1.0/24 (this is a made-up network that does not exist anywhere in Site A's internal network and does not conflict)
- Site B FW (Externally Managed Gateway/Interoperable Device) VPN Domain setting: 172.17.1.0/24
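The addressing plan above can be sanity-checked before any NAT, PBR or antispoofing changes are made. This Python sketch is an added example, not part of the original post; the function names, the host-preserving 1:1 mapping and the extra "lab route" used to show a failing plan are assumptions.

```python
import ipaddress

def check_overlay(overlay, local_nets, peer_domain):
    """Return the conflicts that would make the overlay network unusable.

    The overlay must not exist anywhere in the local site's networks and
    must not collide with the VPN domain configured for the peer.
    """
    ov = ipaddress.ip_network(overlay)
    candidates = list(local_nets.items()) + [("peer VPN domain", peer_domain)]
    problems = []
    for label, cidr in candidates:
        net = ipaddress.ip_network(cidr)
        if ov.overlaps(net):
            problems.append(f"{ov} overlaps {label} {net}")
    return problems

def to_overlay(host, internal, overlay):
    """Map an internal host to its overlay address, keeping the host bits.

    Assumption: the NAT is a 1:1 network-to-network translation, which
    requires both networks to have the same prefix length.
    """
    src = ipaddress.ip_network(internal)
    dst = ipaddress.ip_network(overlay)
    addr = ipaddress.ip_address(host)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("1:1 NAT needs equal prefix lengths")
    if addr not in src:
        raise ValueError(f"{addr} is not in {src}")
    offset = int(addr) - int(src.network_address)
    return str(dst.network_address + offset)

# Values from the setup above.
SITE_A_NETS = {"internal (eth0)": "192.168.1.0/24"}
OVERLAY = "172.16.1.0/24"
SITE_B_VPN_DOMAIN = "172.17.1.0/24"

# Constructed failing case: a wider internal route that swallows the overlay.
SITE_A_WITH_LAB = dict(SITE_A_NETS, **{"lab route (constructed)": "172.16.0.0/16"})

if __name__ == "__main__":
    print(check_overlay(OVERLAY, SITE_A_NETS, SITE_B_VPN_DOMAIN) or "plan is clean")
    print(check_overlay(OVERLAY, SITE_A_WITH_LAB, SITE_B_VPN_DOMAIN))
    print(to_overlay("192.168.1.25", "192.168.1.0/24", OVERLAY))
```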