We need to configure Site-to-Site VPN with our customer.

Our local subnet: 192.168.16.0/24

VPN configuration:

  • Remote Subnet: 192.168.44.0/24
  • Local Subnet: 192.168.93.200/29

As you can see, the VPN local subnet is not our local subnet. The customer is dictating the VPN configuration, so we cannot change it. We don't want to change our subnet, because it will give us only 6 usable IPs to connect to the remote subnet through VPN. We would like to have access to the remote subnet from all our computers.

As I see it, we would need to set up some kind of NAT on the VPN, but I didn't find any possibility to do this on our router. We use a TP-LINK TL-ER6120.

Is there any router that can do this kind of NAT on the VPN?

Kenshin

1 Answer

Is there any router that can do this kind of NAT on the VPN?

Of course - they wouldn't be asking you to do this otherwise. :)

More or less all Cisco devices that support IPsec will do this. Personally, I use pfSense, and it supports NAT-before-IPSec as well.

EEAA
  • pfSense seems like a good choice, but we can't buy them in Slovakia. So the other choice would be Cisco. I don't think that all Cisco routers can do NAT-before-IPSec. I will look into it, but can you recommend some routers with dual WAN ports that can do NAT-before-IPSec (they can be any brand)? – Kenshin Mar 11 '16 at 19:59
  • pfSense will run on a wide variety of hardware - you don't need to purchase it from them. There's a Belgian company called PC Engines that sells pfsense-compatible hardware that you may have better luck purchasing from. In fact, pfSense is freely-downloadable, and can even run on a commodity x86 server if you want to go that route. – EEAA Mar 11 '16 at 20:03
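
The NAT-before-IPsec mapping discussed in this thread, worked through for the question's subnets as an added example (not code from the question or the answer). It assumes a Linux gateway with iptables and policy-based IPsec rather than pfSense or Cisco, and `plan_nat_before_ipsec` is a hypothetical helper name.

```python
import ipaddress

def plan_nat_before_ipsec(inside, vpn_local, remote):
    """Plan source NAT so `inside` hosts reach `remote` as `vpn_local` addresses.

    Returns (mode, iptables_rule, (local_selector, remote_selector)).
    """
    inside = ipaddress.ip_network(inside)
    vpn_local = ipaddress.ip_network(vpn_local)
    remote = ipaddress.ip_network(remote)

    # The tunnel cannot route if the translated range collides with the far side.
    if vpn_local.overlaps(remote) or inside.overlaps(remote):
        raise ValueError("local addressing overlaps the remote subnet")

    match = f"-s {inside} -d {remote}"
    if inside.prefixlen == vpn_local.prefixlen:
        # Equal sizes: every inside host gets its own translated address,
        # so the remote side can also open connections towards us.
        mode = "one-to-one"
        target = f"-j NETMAP --to {vpn_local}"
    else:
        # Sizes differ (here 254 hosts behind 6 addresses): share the usable
        # addresses with port translation. Only our side can initiate.
        hosts = list(vpn_local.hosts())
        mode = "many-to-one"
        target = f"-j SNAT --to-source {hosts[0]}-{hosts[-1]}"

    rule = f"iptables -t nat -A POSTROUTING {match} {target}"
    # Phase 2 selectors use the translated subnet, never the real LAN.
    return mode, rule, (str(vpn_local), str(remote))

if __name__ == "__main__":
    mode, rule, selectors = plan_nat_before_ipsec(
        "192.168.16.0/24", "192.168.93.200/29", "192.168.44.0/24")
    print(mode)
    print(rule)
    print("IPsec traffic selectors:", " <-> ".join(selectors))
```

Because the /29 forces a many-to-one translation, hosts in 192.168.44.0/24 cannot open connections to individual machines in 192.168.16.0/24; only sessions started from the local side work.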