overlapping subnet in site- natting config not working
I have a scenario where the Main office and Site office are connected through IPsec.
Main office (other vendor router, range 10.10.0.0/24) <-> Site office X - SRX (which has a local IP on the same subnet, 10.10.0.0/24).
On Site office X I tried something like this on the SRX for NATting, but it's not working. Any suggestions?
set security nat static rule-set A-B from routing-instance OrgA
set security nat static rule-set A-B rule A match destination-address 22.214.171.124/24
set security nat static rule-set A-B rule A then static-nat prefix 10.10.0.0/24 routing-instance OrgB
set security nat static rule-set B-A from routing-instance OrgB
set security nat static rule-set B-A rule B match destination-address 126.96.36.199/24
set security nat static rule-set B-A rule B then static-nat prefix 10.10.0.0/24 routing-instance OrgA

set routing-instances OrgA instance-type virtual-router interface ge-0/0/5.0 # have 10.10.0.200 address
set routing-instances OrgB instance-type virtual-router interface st0.254 # other site connected to VPN has 10.10.0.0/24 subnet.
Re: overlapping subnet in site- natting config not working
When you have overlapping IP ranges across a VPN, you need to do the translation you have noted on BOTH sides.
Site X uses x.x.x.y/24 for the remote resources
hub site uses x.x.x.z/24 for the remote resources
Both VPN devices, the SRX and the other vendor, need to do the full subnet translation on their side for the remote.
Also note that if DNS is involved in getting resource addresses in these subnets for either side, you will need to have a strategy to get the revised IP address information to the affected client subnet only for that resource.
Steve Puluka BSEET - Juniper Ambassador IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP) http://puluka.com/home
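An added example, not part of the original thread: a small Python model of the advice in the reply above, following one packet from a Site X host to a hub host to show why translating on only one device fails. The alias ranges 172.16.1.0/24 and 172.16.2.0/24 are constructed, and the model assumes each device translates its own local 10.10.0.0/24 to the alias the other side uses for it.

```python
import ipaddress as ip

REAL = ip.ip_network("10.10.0.0/24")         # range used at BOTH offices (from the thread)
SITE_ALIAS = ip.ip_network("172.16.1.0/24")  # constructed: how the hub addresses Site X hosts
HUB_ALIAS = ip.ip_network("172.16.2.0/24")   # constructed: how Site X addresses hub hosts


def xlate(addr, src_net, dst_net):
    """Full subnet (1:1) translation: swap the network part, keep the host part."""
    addr = ip.ip_address(addr)
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("prefix lengths must match for a full subnet translation")
    if addr not in src_net:
        return addr  # no rule match, address passes unchanged
    return dst_net[int(addr) - int(src_net.network_address)]


def check_plan(real, site_alias, hub_alias):
    """An addressing plan is usable only if no two of the three ranges overlap."""
    nets = [real, site_alias, hub_alias]
    return not any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


def walk(src, dst, site_nat=True, hub_nat=True):
    """Follow a Site X -> hub packet; return (src, dst) as seen on the hub LAN."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    if site_nat:  # Site X device: present local 10.10.0.x as SITE_ALIAS
        src = xlate(src, REAL, SITE_ALIAS)
    if hub_nat:   # hub device: map HUB_ALIAS back to the real hub hosts
        dst = xlate(dst, HUB_ALIAS, REAL)
    return src, dst


def deliverable(src, dst):
    """The hub host is reached only if dst is on its LAN, and it replies through
    the tunnel only if src is NOT on its own LAN (otherwise it answers locally)."""
    return dst in REAL and src not in REAL


if __name__ == "__main__":
    for site_nat, hub_nat in [(True, True), (True, False), (False, True)]:
        s, d = walk("10.10.0.5", "172.16.2.7", site_nat, hub_nat)
        print(f"site_nat={site_nat} hub_nat={hub_nat}: {s} -> {d} ok={deliverable(s, d)}")
```

The same mapping is what a split DNS view has to hand out: Site X clients need the 172.16.2.x answer for a hub resource, while hub clients keep the real 10.10.0.x record.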