Re: [pfSense Support] ipsec vpn with overlapping LAN networks

2009-12-09 Thread Paul Mansfield
You'll have to renumber, or do some horrendous bodging with multiple
NAT boxes at both sites which will cause more pain!

Meanwhile, a message from 13 years ago in RFC 1918.

http://www.faqs.org/rfcs/rfc1918.html

"If two (or more) organizations follow the address allocation
   specified in this document and then later wish to establish IP
   connectivity with each other, then there is a risk that address
   uniqueness would be violated. To minimize the risk it is strongly
   recommended that an organization using private IP addresses choose
   randomly from the reserved pool of private addresses, when allocating
   sub-blocks for its internal allocation."




Re: [pfSense Support] ipsec vpn with overlapping LAN networks

2009-12-08 Thread Seth Mos
Hi,

The quick and dirty answer is don't do it. It won't work. 

Why are you using the same /16 on both ends? You'll need to break it up into
smaller parts; it will require renumbering any one of them. If you do it in a
smart way you can still use a summary to refer to all your network.

Regards,

Seth


On 8 Dec 2009, at 17:45, Shaun Curry wrote:

> Hey all,
> I am having trouble finding info on this topic. I just recently switched to
> pfSense for my firewall VPN needs and love it! Please recommend a way to
> set up a site-to-site IPsec VPN where both remote LAN subnets are the same
> (172.17.0.0/16 and 172.17.2.0/16).  I've done this before with a Cisco PIX,
> but am having trouble finding documentation on this using pfSense.
> 
> -- 
> Shaun Curry
> BS-InformationTechnology
> Main: 936.647.3113
> Mob:  936.718.2175
> Desk: 281.404.3075
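
The overlap check and the renumbering Seth describes (break the /16 into smaller parts, keep a summary), as an added example that is not part of the original thread. The site names `site_a` and `site_b` and the choice of an equal split are assumptions for illustration.

```python
import ipaddress


def normalize(cidr):
    """Parse a CIDR string and mask off host bits, as a router would."""
    return ipaddress.ip_network(cidr, strict=False)


def overlaps(a, b):
    """True if the two prefixes share any address."""
    return normalize(a).overlaps(normalize(b))


def split_for_sites(block, sites):
    """Carve `block` into equal sub-blocks and hand one to each site."""
    net = normalize(block)
    # Number of extra prefix bits needed to get at least len(sites) sub-blocks.
    extra_bits = (len(sites) - 1).bit_length()
    return dict(zip(sites, net.subnets(prefixlen_diff=extra_bits)))


def summary_of(networks):
    """Smallest single prefix that covers every network given."""
    nets = list(networks)
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


if __name__ == "__main__":
    # The two LANs from the question; with a /16 mask both are the same network.
    a, b = "172.17.0.0/16", "172.17.2.0/16"
    print(a, "->", normalize(a))
    print(b, "->", normalize(b))
    print("overlap:", overlaps(a, b))

    # Hypothetical renumbering plan: one half of the /16 per site.
    plan = split_for_sites("172.17.0.0/16", ["site_a", "site_b"])
    for site, net in plan.items():
        print(site, net)
    print("summary:", summary_of(plan.values()))
```

Running the same `overlaps` check against a partner's prefixes before defining the tunnel networks catches this collision at planning time rather than after the tunnel is up.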