My issue is like this:

From our network, we have to connect to different client networks, and their internal LANs are not defined by us. Every client is connected through a separate IPsec GRE tunnel on Cisco devices. Now consider the scenario below:

Client A has an internal IP address scheme of 192.168.1.0/24 and Client B has the same. I have to route the packets from our Linux server --> our internal F/W --> our router --> respective tunnels. (Suppose both clients have machines with the same IP address, 192.168.1.100.)

Now, how can I route the packets from my internal LAN to the respective clients? Are there any changes I have to make in my network?

(I hope the question is clear to you; I'm not a hard-core network engineer :))

user177641
  • An IPv4 solution is described here, but it requires basic networking knowledge: http://serverfault.com/questions/548888/connecting-to-a-remote-server-through-openvpn-when-local-network-subnet-conflict/557030#557030 – ErikE Nov 24 '13 at 13:11

2 Answers

1

Approaches to consider:

  • If you are routing to specific systems on their network, then you can route individual hosts or subnets, such as 192.0.2.55, 192.0.2.0/26, 192.10.2.128/28. This will break if you need to route to the same address on both networks. Setting this up over geographically spread networks requires configuring routing on multiple routers.
  • For incoming connections you can use SNAT from their systems to yours. You will need to NAT each client separately.
  • For outgoing connections you can use a different subnet for one or both clients and use DNAT to correct the addresses. If you need DNS, you will need to create a local zone using the local addresses for the clients' servers.
  • If only certain protocols need to be handled, you may be able to proxy the connections.

When connecting to clients' networks, you should firewall their networks. At a minimum you will need to ensure their networks don't interconnect. This applies even if their addresses don't overlap. Routing rules will need to be across your network.

IPv6 addressing avoids this problem. Each device which can connect off of the LAN will have a unique Internet address. IPv6 private network addresses have been deprecated. NAT is not required except to connect to IPv4 addresses. Routing is much simpler.

BillThor
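The alias-subnet approach from the SNAT and DNAT items in the answer above, modelled as an added example that is not part of the original answer: each client gets its own alias subnet on our side, the alias selects the tunnel, and addresses are translated 1:1 in both directions. The alias subnets, tunnel names and local LAN are constructed values, and the sketch assumes translation happens at the point where the tunnel is chosen; it models the mapping logic, not any device's configuration.

```python
import ipaddress

# Constructed addressing plan (assumption): each client gets a unique alias
# subnet on our side; both really use 192.168.1.0/24 behind their tunnel.
CLIENTS = {
    "client-a": {"tunnel": "Tunnel1", "alias": "10.201.1.0/24", "real": "192.168.1.0/24"},
    "client-b": {"tunnel": "Tunnel2", "alias": "10.202.1.0/24", "real": "192.168.1.0/24"},
}
LOCAL_LAN = "10.0.0.0/24"  # hypothetical: our own internal LAN

def validate(clients, local_lan):
    """Aliases must be unique, the same size as the real subnet, and must not
    collide with our LAN; otherwise the original ambiguity comes back."""
    seen = [ipaddress.ip_network(local_lan)]
    for name, c in clients.items():
        alias, real = ipaddress.ip_network(c["alias"]), ipaddress.ip_network(c["real"])
        if alias.prefixlen != real.prefixlen:
            raise ValueError(f"{name}: alias and real subnet differ in size")
        for other in seen:
            if alias.overlaps(other):
                raise ValueError(f"{name}: alias {alias} overlaps {other}")
        seen.append(alias)

def remap(addr, src_net, dst_net):
    """1:1 translation: keep the host bits, swap the network bits."""
    offset = int(ipaddress.ip_address(addr)) - int(src_net.network_address)
    return str(ipaddress.ip_address(int(dst_net.network_address) + offset))

def outbound(dst, clients):
    """DNAT step: alias destination -> (client, tunnel, real destination)."""
    ip = ipaddress.ip_address(dst)
    for name, c in clients.items():
        alias = ipaddress.ip_network(c["alias"])
        if ip in alias:
            return name, c["tunnel"], remap(dst, alias, ipaddress.ip_network(c["real"]))
    return None  # not a client alias: leave the packet untranslated

def inbound(src, client, clients):
    """SNAT step: real source seen on a client's tunnel -> that client's alias.
    Sources outside the client's own subnet are rejected, not translated."""
    c = clients[client]
    real = ipaddress.ip_network(c["real"])
    if ipaddress.ip_address(src) not in real:
        raise ValueError(f"{src} is not inside {client}'s subnet {real}")
    return remap(src, real, ipaddress.ip_network(c["alias"]))
```

The same alias addresses are what the local DNS zone mentioned in the answer would publish for each client's servers.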
0

Well, start learning basics of networking and realize it can not be done.

You can not route to IP on the same subnet. This is like saying you want to use the same phone number as your neighbor but people should be calling only you. MAKES NO SENSE.

If you address machine 192.168.1.55 - how is the router supposed to magically know which of your clients you want to talk to? EPIC FAIL.

So, whoever decided on 192.168.1.0 on BOTH sides - everyone had no clue how networking works and should have asked a professional.

THAT SAID: I have a similar situation and my solution was to IGNORE the IP(4) addresses and add a coordinated IPv6 network on top on both sides. Result is that the machines are addressable.

TomTom
  • Thank you @TomTom, for your reply. This is actually a fictitious question. But we have to anticipate it. Well, I understand routing to the same IP/same subnet cannot be done. The issue here is that we have no role in defining their networks and both of them are geographically distant. Now considering this, how can we re-configure/re-design our network with very little disturbance to the client networks? Can you please elaborate on "coordinated IPv6 network"? – user177641 Nov 24 '13 at 11:27