Nat – Netgear VPN LAN2LAN address translation

Tags: ipsec, nat, vpn

Here's my question:

I have set up a VPN IPsec LAN2LAN (or site2site) with the following parameters:

local subnet: 10.178.51.64/27
remote subnet: 10.174.0.0/16

The VPN tunnel comes up correctly, but the problem is that I can't ping or send any data to the remote subnet machines.

That's because my 'real' subnet is 192.168.1.0/24, but my partner wants me to connect using the subnet specified above. I can't change my subnet; can I achieve this connection with my router, which is a NETGEAR ProSafe VPN Firewall FVS338?

Thanks in advance

Best Answer

In order for a site2site VPN tunnel to work correctly, you typically have two choices for setting up the tunnel.

First is route based. You create the tunnel between two WAN interfaces and then set up routes in the firewall that say "to get to this LAN subnet, go out the tunnel". Typically you still need to specify a policy on each end as well, but just an ALLOW policy between the two subnets.

Second is policy based. You create the tunnel between two WAN interfaces, but instead of setting up new routes, you set up policies and tell the policy to TUNNEL across that new VPN tunnel you created when sending traffic for those two subnets.

All that said, in your case, if you are specifying local and remote subnets, then those local and remote subnets will have to be the actual subnets that are to be routed/used (in your case the 192.168.1.0/24). Otherwise you'll have to do some translation on your side with NAT, changing whatever subnet is yours in the question (the 10.x) into 192.x internally, basically double-NATing, which gets tricky.

My advice is to get with your partner and explain this and find out why they don't want you to use 192.168.1.0/24 as your subnet. Maybe they have another local subnet on that range, etc.

In best practice you really shouldn't be using that subnet, though. Use a different private LAN subnet; that one will just give you headaches with people's home networks when it comes to split tunneling, etc.
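To make concrete what the "translation on your side with NAT" in the answer would involve, here is an added Python example that is not part of the question or the answer and says nothing about what the FVS338 itself supports: it models a static one-to-one (netmap-style) NAT between the real 192.168.1.0/24 LAN and the 10.178.51.64/27 subnet the partner expects, using only the addresses from the question. The packet representation (source, destination pairs) and every function name are constructed for this illustration. It also shows the size mismatch a practitioner would hit: a /27 holds 32 addresses, so at most 30 real hosts can ever be given a counterpart.

```python
import ipaddress

# Addresses taken from the question; everything else in this block is constructed.
REAL_LAN = ipaddress.ip_network("192.168.1.0/24")    # the LAN that actually exists
VPN_LAN = ipaddress.ip_network("10.178.51.64/27")    # what the partner expects to see
REMOTE_LAN = ipaddress.ip_network("10.174.0.0/16")   # the partner's subnet


def netmap(addr, src_net, dst_net):
    """Static 1:1 NAT: keep the host offset of addr inside src_net and re-base
    it on dst_net. Raises ValueError when addr is outside src_net or when
    dst_net is too small to hold that host offset."""
    ip = ipaddress.ip_address(str(addr))
    if ip not in src_net:
        raise ValueError(f"{ip} is not in {src_net}")
    offset = int(ip) - int(src_net.network_address)
    if offset >= dst_net.num_addresses:
        raise ValueError(f"{ip} has no counterpart in {dst_net} (prefix too small)")
    return ipaddress.ip_address(int(dst_net.network_address) + offset)


def has_counterpart(real_addr):
    """True if a real-LAN host can be presented to the partner at all."""
    try:
        netmap(real_addr, REAL_LAN, VPN_LAN)
        return True
    except ValueError:
        return False


def translate_outbound(src, dst):
    """Packet leaving the real LAN towards the tunnel: rewrite the source so
    the partner sees an address inside the agreed VPN_LAN. Non-tunnel traffic
    (e.g. Internet-bound) passes through untouched."""
    if ipaddress.ip_address(dst) not in REMOTE_LAN:
        return str(src), str(dst)
    return str(netmap(src, REAL_LAN, VPN_LAN)), str(dst)


def translate_inbound(src, dst):
    """Packet arriving from the tunnel: map the VPN_LAN destination back to the
    real host before it is forwarded onto 192.168.1.0/24."""
    if ipaddress.ip_address(src) not in REMOTE_LAN:
        return str(src), str(dst)
    return str(src), str(netmap(dst, VPN_LAN, REAL_LAN))


def reachable_real_hosts():
    """Real-LAN host addresses that get a usable 1:1 counterpart. The /27 has
    32 addresses; its network and broadcast addresses are excluded, leaving 30."""
    return [str(netmap(ip, VPN_LAN, REAL_LAN)) for ip in VPN_LAN.hosts()]


def subnets_overlap():
    """Sanity check for a policy-based tunnel: the translated local subnet and
    the remote subnet must not overlap, or the policy selectors are ambiguous."""
    return VPN_LAN.overlaps(REMOTE_LAN)


if __name__ == "__main__":
    print(translate_outbound("192.168.1.10", "10.174.2.5"))
    print(translate_inbound("10.174.2.5", "10.178.51.74"))
    print(len(reachable_real_hosts()), "real hosts are reachable through the /27")
    print("192.168.1.100 has a counterpart:", has_counterpart("192.168.1.100"))
    print("overlap with partner subnet:", subnets_overlap())
```

The outbound and inbound functions are the two halves of the "double-NATing" the answer mentions: the same host offset is used in both directions so that replies land on the right machine. The reachability helper is the caveat worth checking before agreeing to such a scheme, since any 192.168.1.x host above .30 simply cannot be exposed through a /27, and the overlap check is what a policy-based tunnel needs to keep its local and remote selectors distinct.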