Trying to figure out how to do spoke hub ipsec tunnels with overlapping IPs. We have multiple customers that each have their own internal IPs, we'd like to setup our Untangle in the office with ipsec tunnels to each customer. The problem is many customers have overlapping IPs (ie. Customer A has 192.168.1.0/24 and Customer B has 192.168.1.0/24). I believe I have the idea of how to do it listed below but would like feedback before I break someones network testing =).
Uncheck box for NAT WAN only.
Create NATing for each customer giving them a new 10.0.0.0/24 address range (ie. Customer A gets 10.0.1.0/24 and Customer B gets 10.0.2.0/24).
In the NAT setup one connection for every customer use local network as as a special /24 that doesn't conflict with anyone and for remote network use 10.0.0.0/24 range we setup for customer. On the customer end create a NAT that change the 10.0.0.0/24 request back to a 192.168.1.0/24 address.
Internal IP: 192.168.200.0/24
- 10.200.0.0/24 to 192.168.200.0/24 (1-to-1)
VPN (customer A)
- Local Network: 10.200.0.0/24
- Remote Network: 10.0.1.0/24
Internal IP: 192.168.1.0/24
- 10.0.1.0 to 192.168.1.0/24 (1-to-1)
- Local Network: 10.0.1.0/24
- Remote Network: 10.200.0.0/24