IP Address Space Overlap
With corporate mergers, branch office consolidations, and partner collaborations being common, an organization often must create a VPN to another network that uses the same private address subnet. Because both networks use the same internal IP addresses, it is not possible to build a tunnel between these two sites. However, if the tunnel endpoints on both sides are Juniper services routers, it is possible to configure a tunnel between these sites with an advanced configuration using NAT.
Because the range of private IP addresses is relatively small, there is a good chance that the addresses of protected networks of two VPN peers overlap. For bidirectional VPN traffic between two end entities with overlapping addresses, the security devices at both ends of the tunnel must apply Source Network Address Translation (NAT-src) and Destination Network Address Translation (NAT-dst) to the VPN traffic passing between them.
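The double translation described above can be traced packet by packet. The following Python model is an added example, not Juniper configuration or code from the original page. The alias subnets 10.10.1.0/24 and 10.20.1.0/24, the shared 10.1.1.0/24 range, and all function names are assumptions chosen for illustration. Each gateway applies NAT-src to traffic entering the tunnel and NAT-dst to traffic leaving it.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the page): both sites use
# 10.1.1.0/24 internally; each is presented to its peer under a unique alias.
SITE_A = {"real": ipaddress.ip_network("10.1.1.0/24"),
          "alias": ipaddress.ip_network("10.10.1.0/24")}
SITE_B = {"real": ipaddress.ip_network("10.1.1.0/24"),
          "alias": ipaddress.ip_network("10.20.1.0/24")}

def validate_plan(a, b):
    """Return problems that would make the 1:1 subnet translation ambiguous."""
    problems = []
    for name, site in (("A", a), ("B", b)):
        if site["real"].prefixlen != site["alias"].prefixlen:
            problems.append(f"site {name}: alias and real prefix lengths differ")
        if any(site["alias"].overlaps(n) for n in (a["real"], b["real"])):
            problems.append(f"site {name}: alias overlaps a protected network")
    if a["alias"].overlaps(b["alias"]):
        problems.append("the two aliases overlap each other")
    return problems

def shift(addr, src_net, dst_net):
    """Map addr to the same host offset in dst_net (static subnet NAT)."""
    addr = ipaddress.ip_address(addr)
    if addr not in src_net:
        raise ValueError(f"{addr} is not in {src_net}")
    return str(dst_net[int(addr) - int(src_net.network_address)])

def egress(site, pkt):
    """Sending gateway, LAN to tunnel: NAT-src hides the real source."""
    src, dst = pkt
    return (shift(src, site["real"], site["alias"]), dst)

def ingress(site, pkt):
    """Receiving gateway, tunnel to LAN: NAT-dst restores the real target."""
    src, dst = pkt
    return (src, shift(dst, site["alias"], site["real"]))

def send(sender, receiver, pkt):
    """Return (packet inside the tunnel, packet delivered on the far LAN)."""
    on_wire = egress(sender, pkt)
    return on_wire, ingress(receiver, on_wire)

if __name__ == "__main__":
    print(validate_plan(SITE_A, SITE_B))
    # Host 10.1.1.5 at site A reaches the identically numbered host at site B.
    print(send(SITE_A, SITE_B, ("10.1.1.5", "10.20.1.5")))
    print(send(SITE_B, SITE_A, ("10.1.1.5", "10.10.1.5")))
```

Inside the tunnel only the alias addresses appear, so tunnel policies and routes on both devices can be written against non-overlapping subnets.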