S2S VPN Configuration

Question

Hi, 
 I want to route traffic through 2 firewalls, via S2SVPN connections, one of the VPNs, R1 to R2 already exists, but the other, R1 to R2 doesn't, so I need to create it. 
 I am unsure about what Local IP address/subnet to use for router B? Do I create one that will only be used just for this purpose? or do I use an interface of R2? 
 i.e this one- 
 
 I hope the attached diagram makes sense of what I am trying to achieve-

kerobra · Answer

You can use NAT in VPN, but you have to "translate" it somewhere. You can use R3 LAN(NAT) and R2 LAN (NAT) as remote networks for R1's tunnel. On R2 for example you have to translate the R2 LAN (NAT) to R2 LAN (Real) but in the S2S-Configuration you will have to use the same network(s) you defined on R1. 
 For example:

My "real" subnet in this case would be the 192.168.52.0/24 subnet, but in all tunnels only the 192.168.27.0/24 will appear. 
 The imaginary firewall with the 60.0/24 subnet would have 192.168.27.0/24 and 192.168.61.0/24 as remote networks. This firewall can NAT its own subnet again and it could be in fact 192.168.78.0/24. 
 What you need to do is to create the network definition "original subnet" before you can select them in the S2S definition. You can not create it in the dropdown. 
 
 Regards, 
 Kevin

S2S VPN Configuration

Top Replies