
NAT to Subnet behind Remote RED because of same IP Ranges

Hello everyone,

 

We have an SG230 with currently 5 RED 15w devices connecting remote branch offices. This is working fine.

Currently we have 10.16.0.0/24 at headquarters and a subnet like 10.16.20.0/24 at each branch office.
Now we need to integrate an existing network with existing devices at each branch. On each side we install an L3 switch and route between the subnets.

The problem is that this machine network has the same IP range, 192.168.34.0/24, at each branch office.

 

How can I solve this? I spent a lot of time testing destination NAT and 1:1 NAT from headquarters, but without success.

 

Perhaps someone can help me find the right way.

 

Thank you in advance

Best regards,

Joachim



  • This is a real pain in the *ss. From where do you need to reach those "same" subnets? Do you need to reach each of these subnets from every other location?

    Please explain in more detail from where you need to access which subnets.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improving IT security and feeling good about helping others with their IT security challenges.

  • I want to reach these subnets mainly from the headquarters network 10.16.0.0/24.

    I thought I could define a virtual subnet, e.g. 10.17.20.0/24, and define a 1:1 translation into 192.168.34.0/24 on the remote side.

    Second, I have to route the subnet to the physical remote router 10.16.20.253.

    But it doesn't work.

    The Connection /Routing between the two subnets on remote side is working fine.

  • Your DNAT (which is what Ziel zuordnen really is) will not work since HQ doesn't know where to deliver this traffic. You are right that using NAT can be a solution in these cases, but this is usually done between two firewalls in an IPsec tunnel. Then you can put the "virtual" range inside the tunnel and use NAT rules to translate the virtual range back to the real range. I don't think this is possible using RED networking, since there is no device on the remote end that can translate the virtual range back to the real range.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improving IT security and feeling good about helping others with their IT security challenges.
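The virtual-range scheme discussed in the reply above, modelled as an added example (not code from the thread or from Sophos): HQ can only pick a branch tunnel from the per-branch virtual prefix, and the 1:1 translation back to the shared 192.168.34.0/24 has to happen at the branch end, which is the step a RED has no device for. The branch names and the second virtual prefix 10.17.21.0/24 are constructed for the example.

```python
import ipaddress

# Constructed topology: every branch runs the same real machine subnet,
# so each branch is given its own distinct virtual prefix for HQ to address.
REAL_MACHINE_NET = ipaddress.ip_network("192.168.34.0/24")
BRANCHES = {
    "branch-20": ipaddress.ip_network("10.17.20.0/24"),  # virtual prefix, as in the thread
    "branch-21": ipaddress.ip_network("10.17.21.0/24"),  # constructed second branch
}


def netmap(addr, src_net, dst_net):
    """1:1 network translation: keep the host bits, swap the network prefix."""
    addr = ipaddress.ip_address(addr)
    if addr not in src_net or src_net.prefixlen != dst_net.prefixlen:
        raise ValueError(f"{addr} is not a 1:1 mapping from {src_net} to {dst_net}")
    host_bits = int(addr) - int(src_net.network_address)
    return dst_net.network_address + host_bits


def route_from_hq(dst):
    """HQ side: a destination selects a tunnel only if exactly one branch prefix contains it."""
    dst = ipaddress.ip_address(dst)
    matches = [name for name, net in BRANCHES.items() if dst in net]
    return matches[0] if len(matches) == 1 else None


def who_has_real(dst):
    """Every branch holds the real range, so a real address alone names no single branch."""
    dst = ipaddress.ip_address(dst)
    return sorted(BRANCHES) if dst in REAL_MACHINE_NET else []


def translate_at_branch(branch, dst):
    """Branch side: the virtual address is mapped back onto the real machine subnet."""
    return str(netmap(dst, BRANCHES[branch], REAL_MACHINE_NET))


def deliver(dst):
    """Full path: HQ routing on the virtual prefix, then translation at the chosen branch.
    Returns (branch, real_ip), or None when HQ cannot decide where to send the packet."""
    branch = route_from_hq(dst)
    if branch is None:
        return None
    return branch, translate_at_branch(branch, dst)


if __name__ == "__main__":
    print(deliver("10.17.20.7"))        # virtual destination: unambiguous
    print(deliver("192.168.34.7"))      # real destination: HQ has no single tunnel
    print(who_has_real("192.168.34.7"))
```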
