06-28-2010 09:58 AM
1.) VLAN/Subnet (extend the same IP subnet across two distinct sides of a VPN tunnel; for instance, 192.168.1.0/24 exists at both sides of the VPN). I have not seen a solution for this functionality.
2.) DHCP or BOOTP across VPN. That is possible using an ip helper or DHCP forwarder. Works perfectly.
3.) Multicast. Netscreen does not support Dense mode, which makes my multicast needs very unrealistic over a VPN tunnel. It is possible to use PIM (Protocol Independent Multicast) across the VPN, but specific multicast routes and specific multicast policies are required, making it next to impossible for my configuration.
06-29-2010 07:36 PM
Yes, you can use NAT to address overlapping subnets over a VPN. The C&E guide has a few examples.
06-30-2010 12:55 AM
I do recommend changing the addressing; otherwise you get a permanent source of problems and lose the overview (e.g. where is the DHCP-assigned 192.168.1.x now?). Besides, the arp-q's and arp-r's cannot be transported over the VPN.
Using NAT, as recommended by John, will help you to make a clean migration. And you can still use ip helper and DHCP forwarder.
You do not need PIM to transport multicast between two SSGs over VPN. IGMP Proxy functionality is very well documented in the C&E (Routing). Tunnel interfaces can function as IGMP Proxies, both in Host and Router mode. But you need a Multicast policy that enables IGMP transport over VPN.
07-07-2010 10:40 AM - edited 07-07-2010 10:40 AM
Have you looked into VPLS? (can't do w/ screenos)