[Solved] IPSEC VPN with overlapping subnets
Comments
-
Well, then you need a split DNS server or DNS view for the VPN clients.
0 -
OK, I was expecting it... the firewall-side issue is solved anyway. Thank you very much, zyman2008!
0 -
If I could be so brutal to continue this thread for my own sake ...
I understand I might have to create a complete new thread for my question, but here it goes.
I am trying to set up a SecuExtender (IPSec VPN Client) situation towards my USG40 at work with 192.168.1.0/24 subnet. That is an easy task in itself and I can for instance get the IPsec Clients to get 10.3.80.0/24 on the "Mode Config Address Pool".
My main question is how can I make other devices on the subnet and even the firewall itself see the clients as a small ip-range of 192.168.1.180-192.168.1.189 instead of 10.3.80.0/24? The point is that I have a site to site between my USG40 and the provider of our door access system, and I am not in control over their firewall... So I cannot add my 10.3.80.0/24 in their policy routes for traffic return ... Therefore I need to fake my VPN Clients (for instance my laptop running on mobile broadband or actually at home) to seem to be in the actual internal network of 192.168.1.0/24 (the range 192.168.1.180-189 is reserved for this if I get it to work)...
So that if my VPN client with 10.3.80.101 tries to contact my Raspberry Pi @ 192.168.1.24 the Pi would see the client as 192.168.1.183 for instance ... and thus if I try to reach the other end of the site to site VPN @ 10.10.20.50 it will also see my 192.168.1.0/24 network.
I've tried for several hours now to read up and figure out whether it's possible to have traffic from my 10.3.80.0/24 SNATed to the range 192.168.1.180-189 and policy routed to the correct next-hop VPN if the destination is the range ... No luck.
A pretty easy list of directions, if this is even possible, would be greatly appreciated. The VPN stuff works as it is now, with clients getting a 10.3.80.0/24 IP on auto-configuration. It's the masking and hiding to make it look as if it's a part of the 192.168.1.0/24 to others (at least to the other VPN tunnel if not all).
1