IPsec with overlapping subnet setup

I am currently setting up an IPsec tunnel, but on my end I have the same subnet as another customer on another end. The guy who wants me to set this up wants me to use 10.90.122.0/24 as the NATted LAN for the IPsec.


My router:

WAN - xxx.xxx.xxx.1
LAN - 192.168.1.0/24


He is using a Sonicwall router and I don’t know the IP info for him, but I know the router that will be a conflict has the same LAN IP of 192.168.1.0/24.

So I’m needing to somehow netmap or hide 192.168.1.0/24 behind the 10.90.122.0/24 subnet for the IPsec.

Is this something that is even possible or should I just change my internal subnet to 10.90.122.0/24 and be done?

The IPsec is working, I just don’t know how to replace my 192.168.1.0/24 with 10.90.122.0/24 so that when he pings or accesses 10.90.122.35 it will go to the computer at 192.168.1.35.

Try this:

http://forum.mikrotik.com/t/ipsec-overlapping-private-networks/42947/1

Thanks for the link.

I added a src-nat rule, but not sure if I did it correctly.

chain - src-nat
src-nat address - 192.168.1.0/24

action - netmap
to address - 10.90.122.0/24

I placed this rule at the top of my nat rules with my masquerade below it. Not sure which order it should be in.

My masquerade rule is src-nat’d to the 192.168.1.0/24 network.


If I do it this way I no longer have an internet connection. Should the src-nat instead read as follows:

chain - src-nat
src-nat address - 10.90.122.0/24

action - netmap
to address - 192.168.1.0/24
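
Added example, not part of any post in this thread: a small Python model of an ordered, first-match NAT table, showing what a netmap rule with and without a destination match does to a packet from 192.168.1.35, and the reverse mapping for traffic arriving from the tunnel. The remote LAN 172.16.50.0/24 and the WAN address 203.0.113.1 are placeholders (the thread does not give them), and the rule model is a simplification, not RouterOS code.

```python
import ipaddress as ipa

LAN, MAPPED = "192.168.1.0/24", "10.90.122.0/24"   # subnets from the thread
REMOTE = "172.16.50.0/24"   # assumption: placeholder for the unknown remote LAN
WAN_IP = "203.0.113.1"      # constructed stand-in for the router's WAN address

def netmap(addr, from_net, to_net):
    """1:1 translation: swap the network prefix, keep the host bits."""
    src, dst = ipa.ip_network(from_net), ipa.ip_network(to_net)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("netmap needs equally sized networks")
    if ipa.ip_address(addr) not in src:
        raise ValueError(f"{addr} is not in {from_net}")
    offset = int(ipa.ip_address(addr)) - int(src.network_address)
    return str(dst.network_address + offset)

def nat(rules, src, dst):
    """Walk an ordered rule list; the first matching rule decides.
    Returns the (src, dst) pair after translation."""
    for r in rules:
        if "src" in r and ipa.ip_address(src) not in ipa.ip_network(r["src"]):
            continue
        if "dst" in r and ipa.ip_address(dst) not in ipa.ip_network(r["dst"]):
            continue
        if r["action"] == "masquerade":
            return WAN_IP, dst
        if r["chain"] == "srcnat":            # outbound: rewrite the source
            return netmap(src, r["src"], r["to"]), dst
        return src, netmap(dst, r["dst"], r["to"])   # dstnat: rewrite the destination
    return src, dst                           # no rule matched: untouched

MASQ = {"chain": "srcnat", "src": LAN, "action": "masquerade"}
# Netmap on top with no destination match, masquerade below it.
UNSCOPED_OUT = [{"chain": "srcnat", "src": LAN,
                 "action": "netmap", "to": MAPPED}, MASQ]
# Same rule, limited to traffic headed for the remote LAN.
SCOPED_OUT = [{"chain": "srcnat", "src": LAN, "dst": REMOTE,
               "action": "netmap", "to": MAPPED}, MASQ]
# Reverse direction: the peer addresses 10.90.122.x, hosts live on 192.168.1.x.
INBOUND = [{"chain": "dstnat", "src": REMOTE, "dst": MAPPED,
            "action": "netmap", "to": LAN}]

if __name__ == "__main__":
    web = "198.51.100.7"   # constructed internet destination
    print("unscoped, to internet:", nat(UNSCOPED_OUT, "192.168.1.35", web))
    print("scoped,   to internet:", nat(SCOPED_OUT, "192.168.1.35", web))
    print("scoped,   to tunnel:  ", nat(SCOPED_OUT, "192.168.1.35", "172.16.50.10"))
    print("inbound from tunnel:  ", nat(INBOUND, "172.16.50.10", "10.90.122.35"))
```

In the model, the netmap rule without a destination match also rewrites internet-bound packets to 10.90.122.x, so the masquerade rule below it is never reached. The reverse mapping (10.90.122.0/24 to 192.168.1.0/24) applies to the destination of packets arriving from the tunnel, not to the source of outgoing ones.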