On Tue, 30 Nov 2010 15:15:43 +0000, Peter Addy <wavema...@yahoo.com>
wrote:
Does anyone know of a way to get around a problem, where for example
a site to
site VPN both have 10.x.x.x, 172.x.x.x etc addresses on
their internal network,
so this therefore causes a conflict within each encryption domain?
If one side is not able to change then what options are there, what
if both
sites cannot change their internal ip addressing,
what are ways to get around ip conflicts in VPN's, has anyone come
across this
and got any ideas?
The obvious solution is to use unique addresses. While this may be a
bit of a problem with IPv4 this should no longer be an issue with IPv6.
A work around is to translate remote addresses to an address unique to
your network and the other way around. I must admit it is a pain to
configure because you need to make sure you translate the addresses
before you ener the tunnel.
So if you don't translate IP adresses on the client side yet your
cooked anyway.
I know customers that require the use of unique addresses to build VPN
tunnels. If you are a hosted SAP company (forexample) that makes a lot
of sense.
Hugo.
--
hvdko...@vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=================================================
