Two IPSec with same subnet on their end

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Two IPSec with same subnet on their end

L0 Member

I can't find a How-to document or community comment on this exact issue.  Some that are close.  And maybe I didn't search with the right terms.

 

I have one customer that connects to a resource on our network.  We set up an IPsec VPN between them and us.  Their inside subnet is 192.168.1.0/24.  I set up a static route on our 'default' router that moves all 192.168.1.0/24 traffic to 'Tunnel 4' (their tunnel).

 

I'm trying to add a second customer via IPsec VPN, but they have the same inside subnet.  I don't have the ability to tell either of them to create a NAT rule on their ends, so I'm trying to work it all out on my end.

 

I've thought about creating a separate virtual router with a separate public IP and using that as the VPN endpoint for them.  I just wanted to make sure that is the best way to go about this.  Seems I could just create a NAT rule that translates their IP address into something else and then, I could just route traffic to/from that (something else) IP range to 'Tunnel 5' (the new tunnel).

 

Is this something easy that I'm just overlooking?  Am I on the right track with that NAT idea?  Or is the separate router the best option?

 

I appreciate any help and opinions given.

Kevin



Please note you are posting a public message where community members and experts can provide assistance. Sharing private information such as serial numbers or company information is not recommended.
1 REPLY 1

Cyber Elite
Cyber Elite

Hello,

Are the devices on the customers end  Policy based? Here is an older article that may help out.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClUFCA0

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClNxCAK

 

Regards,

  • 2588 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!