From: Tom Rymes
To: development@lists.ipfire.org
Subject: IPSec and overlapping subnets
Date: Mon, 14 Sep 2020 14:40:55 -0400
Message-ID: <661d35dc-a096-c8d7-b99c-4c355c497767@rymes.com>

We have a situation that we have always worked to avoid in the past by renumbering networks, but it's not an option this time.

Namely, we need to connect our subnet 10.100.0.0/23 over an IPSec tunnel to a location that has an overlapping subnet. So, we need to NAT traffic back and forth, and I'm frankly not certain how to achieve it.

Basically, the remote side wants to pretend that we are 10.100.252.0/23, so we need to do some magic to translate the source and destination subnets.

Can anyone point out a good method to achieve this?

Tom