Classic case for double NAT. You NAT your IP addresses into a new network,
they map their networks into new networks, and you both see only the new
networks for the remote site, not the real ones.

Each of you has your own IP addresses, and the new individual networks in
their encryption domain.  The remote encryption domain contains only the new
network for the remote site.

Often people require these new addresses to be public IP addresses, but with
address space being what it is, this is not always possible.

Site1   
(local encryption domain)
10.10.10.0/24 (real addresses)
192.168.1.0/24 (natted addresses)
(remote encryption domain)
192.168.2.0/24

Site2
(local encryption domain)
10.10.10.0/24 (real addresses in conflict)
192.168.2.0/24 (natted addresses)
(remote encryption domain)
192.168.1.0/24


--

Ted Serreyn Phone:262-432-0260 Fax:262-432-0232

Serreyn Network Services, LLC http://www.serreyn.com/
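
Added example, not part of the original message and not Check Point configuration: a Python model of the double-NAT layout above, showing the addresses one packet carries at each stage and checking that the NATted domains do not collide. It assumes 1:1 network NAT that keeps the host part; the function names and the sample hosts 10.10.10.5 and 192.168.2.20 are constructed for illustration.

```python
import ipaddress as ip

def site(real, nat):
    """Describe one side: its real LAN and the network it is NATted into."""
    return {"real": ip.ip_network(real), "nat": ip.ip_network(nat)}

# Networks from the post: both LANs are really 10.10.10.0/24.
SITE1 = site("10.10.10.0/24", "192.168.1.0/24")
SITE2 = site("10.10.10.0/24", "192.168.2.0/24")

def translate(addr, src_net, dst_net):
    """1:1 network NAT: keep the host offset, swap the network prefix."""
    addr = ip.ip_address(addr)
    if addr not in src_net:
        raise ValueError(f"{addr} is not in {src_net}")
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("1:1 network NAT needs equal prefix lengths")
    return dst_net[int(addr) - int(src_net.network_address)]

def check_domains(local, remote):
    """List address overlaps that would make the NATted domains ambiguous."""
    problems = []
    if local["nat"].overlaps(remote["nat"]):
        problems.append("the two NAT networks overlap")
    if local["real"].overlaps(remote["nat"]):
        problems.append("local real network overlaps the peer's NAT network")
    if remote["real"].overlaps(local["nat"]):
        problems.append("peer's real network overlaps the local NAT network")
    return problems

def trace(src_real, dst_nat, local, remote):
    """(source, destination) of one packet at each stage, local host to peer host."""
    src_nat = translate(src_real, local["real"], local["nat"])    # local gateway hides the source
    dst_real = translate(dst_nat, remote["nat"], remote["real"])  # peer gateway restores the destination
    return {
        "leaving_host": (str(src_real), str(dst_nat)),
        "in_tunnel": (str(src_nat), str(dst_nat)),
        "at_peer_host": (str(src_nat), str(dst_real)),
    }

if __name__ == "__main__":
    print(check_domains(SITE1, SITE2))
    for stage, pair in trace("10.10.10.5", "192.168.2.20", SITE1, SITE2).items():
        print(f"{stage:13} {pair[0]} -> {pair[1]}")
```

Only the 192.168.x.x pair ever appears inside the tunnel, which is why each remote encryption domain lists just the peer's NAT network.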


-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:fw-1-mailingl...@amadeus.us.checkpoint.com] On Behalf Of Peter Addy
Sent: Tuesday, November 30, 2010 9:16 AM
To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
Subject: [FW-1] IP address conflicts within Encryption domains in VPN's

Hi,

Does anyone know of a way to get around a problem where, for example, both
sides of a site-to-site VPN have 10.x.x.x, 172.x.x.x etc. addresses on
their internal networks, so this therefore causes a conflict within each
encryption domain?

If one side is not able to change, then what options are there? What if both
sites cannot change their internal IP addressing?

What are ways to get around IP conflicts in VPNs? Has anyone come across
this and got any ideas?

Thanks


      

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email
fw-1-ow...@ts.checkpoint.com
=================================================


Scanned by Check Point Total Security Gateway.
