Author Topic: Using DFL-210: Lan-to-lan VPN with IP's overlapping at both extremes  (Read 5336 times)

BigVic

  • Level 1 Member
  • *
  • Posts: 2

Hi all,

This is my first message in this forum. I would really appreciate it if you could reply to my post ASAP.

Imagine I have to configure a LAN-to-LAN VPN using a DFL-210. The particularity of this scenario is that both interconnected LANs are overlapped in terms of IP addressing and, due to the customer's requirements, there is no way to avoid this IP overlapping.

So the DFL-210 should do a NAT before inserting the packets into the VPN IPsec tunnel and vice versa. In fact, according to our customer's requirements this NAT should be a port forwarding. That is, I have two PCs on this overlapped LAN with FTP server running (22 TCP port is open at both PCs) and some PCs from the remote LAN want to access these FTP servers at the same time. So at least one of these TCP ports 22 should be translated to, for example, TCP port 10000. Is this possible with the DFL-210 and how could I configure it? If not, which immediate upper model do you recommend to support that?

Thanks in advance for your attention

Victor


BigVic

  • Level 1 Member
  • *
  • Posts: 2
Re: Using DFL-210: Lan-to-lan VPN with IP's overlapping at both extremes
« Reply #1 on: November 02, 2009, 03:40:18 AM »

Due to the project schedule I need an answer for the previous post ASAP. I have read the DFL-210 user manual several times but I have several doubts about its capabilities, such as the previous post.
If you need further information, please do not hesitate to ask.

Thanks a lot.

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: Using DFL-210: Lan-to-lan VPN with IP's overlapping at both extremes
« Reply #2 on: November 02, 2009, 08:35:04 AM »

Set up the VPN as per normal, except you should write the VPN route manually so you can proxy ARP it to your LAN.  When setting up your IP rules ensure that you select NAT instead of allow for the outbound rules, and write the inbound rules as port forwards.

I don't know if it will work (as I have never needed a same network VPN), but we might be able to pull off proxy ARP over the IPsec interface.
non progredi est regredi