PIX-to-PIX VPN using one subnet, is it possible?

18 years 7 months ago #13107 by GreatOne52782
Hello all,

I came across this site and absolutely love it. I am a newbie when it comes to routing, subnetting, supernetting, and all that fun stuff.

I have a question that I can't seem to get a good answer to, so I figured I would post and see what kind of responses I get.

I have a test network that I have set up so that I can play around with new technologies as they develop and don't have to worry about "testing" on clients' networks.

My test network consists of the following:
Network A (192.168.10.x, 255.255.255.0)
3 PCs, 1 Server behind a PIX 501

Network B (192.168.1.x, 255.255.255.0)
3 PCs, 1 Server behind a PIX 501

I have both networks joined with a site-to-site VPN using the PIXes.

Essentially they can all talk and act as a network, which is great.

The question that I have is:

Is there any way to have all PCs on the same subnet (i.e. 192.168.1.x, 255.255.255.0) while connected via the site-to-site VPN?

I want to achieve this so that I can play a game with my brother every now and then when time permits.

As you probably know, when playing a game over a LAN, it only considers PCs with the same first 3 octets of the IP to be local (so if I start a game on the 192.168.1.x network, my PCs on the 192.168.10.x network can't join the LAN game).

Anyone have any ideas?
18 years 7 months ago #13111 by havohej
hi.
as you know, a pix is a routing device, not a bridging device, so for two different networks or subnets to work, you must route them with both pix.
you mentioned that the game, to work, only checks the first 3 octets of the address on all devices.

so for the game to work you must subnet the first class C address:
192.168.1.0 /24

you can subnet it into 2 subnets:

subnet A
192.168.1.0 /29

subnet B
192.168.1.8 /29

in each subnet you have 6 usable hosts, so with each subnet assigned to each pix you can route them and in each subnet address the first 3 octets match so for the game to work.

answering the question you asked:
Is there any way to have all PCs on the same subnet (i.e. 192.168.1.x, 255.255.255.0) while connected via the site-to-site VPN?

the answer is no, with that mask no.
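
The addressing from the reply above, checked in code (an added example, not part of the original thread; the site labels and function names are illustrative assumptions). It carves 192.168.1.0/24 into /29 blocks, assigns one per PIX, and shows why two sites that both use the full /24 cannot be routed between.

```python
import ipaddress

def plan_sites(parent, new_prefix, site_names):
    """Give each site its own non-overlapping subnet carved from `parent`."""
    subnets = ipaddress.ip_network(parent).subnets(new_prefix=new_prefix)
    plan = {}
    for name in site_names:
        try:
            net = next(subnets)
        except StopIteration:
            raise ValueError("parent network has too few subnets for all sites")
        hosts = list(net.hosts())
        plan[name] = {
            "network": net,
            "netmask": str(net.netmask),
            "first_host": hosts[0],
            "last_host": hosts[-1],
            "usable": len(hosts),
            "broadcast": net.broadcast_address,
        }
    return plan

def routable_between(net_a, net_b):
    """A routing device can only forward between LANs whose ranges do not overlap."""
    a = ipaddress.ip_network(net_a)
    b = ipaddress.ip_network(net_b)
    return not a.overlaps(b)

def same_first_three_octets(addr_a, addr_b):
    """The property the thread assumes the game checks."""
    return str(addr_a).split(".")[:3] == str(addr_b).split(".")[:3]

if __name__ == "__main__":
    # Site labels "A" and "B" are assumptions matching the two PIX 501 sites.
    plan = plan_sites("192.168.1.0/24", 29, ["A", "B"])
    for site, info in plan.items():
        print(site, info["network"], info["netmask"],
              f'{info["first_host"]}-{info["last_host"]}',
              "usable:", info["usable"], "broadcast:", info["broadcast"])
    a, b = plan["A"], plan["B"]
    print("routable /29 vs /29:", routable_between(a["network"], b["network"]))
    print("routable /24 vs /24:",
          routable_between("192.168.1.0/24", "192.168.1.0/24"))
    print("first 3 octets match:",
          same_first_three_octets(a["first_host"], b["first_host"]))
```

Each /29 has its own broadcast address (192.168.1.7 and 192.168.1.15), so the two sites remain separate broadcast domains even though their first three octets match.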
18 years 7 months ago #13116 by GreatOne52782
Thanks for the response.

I just assumed that the game was limited to the first three octets of the IP, I am not sure whether it is reliant upon the 192.168.x.x or reliant on the 255.255.255.0.

I was trying to brainstorm about potential ideas. I don't have a great understanding of RRAS (Routing and Remote Access) but would this work...?

I put 2 NIC cards in both servers (one for WAN and one for LAN). I have the PIX on each site plugged into the WAN port using a totally different IP scheme (i.e. 10.0.0.x) for just the VPN connection. I then have the LAN card on the local network at both sites using the same 192.168.10.x, 255.255.255.0 scheme. Then could I use RRAS on both Windows servers to establish routing tables so that traffic is directed to the right location?

I don't know if this is feasible. I was just trying to brainstorm, because I really want to be able to accomplish this.

I did find something on Cisco's site referencing creating a site-to-site VPN with overlapping IPs (as if companies had merged that previously had the same IP scheme). The example referenced Cisco routers, which got me thinking about the RRAS.

Any ideas on this?
18 years 7 months ago #13124 by GreatOne52782
I did find this:

IPSec between PIX Firewall and Cisco VPN 3000 Concentrator with Overlapping Private Networks

www.cisco.com/en/US/customer/tech/tk583/...186a00800949f1.shtml

But it uses a PIX and a VPN Concentrator. This is pretty much what I need, but using 2 PIXes instead.

Any thoughts?
18 years 7 months ago #13125 by GreatOne52782
Let me throw another variable in the works...

Since I have a server on both sides, I could configure RRAS to act as a VPN server and establish a VPN connection when I want to play games. The only problem that this poses is that the subnet given on a VPN connection is the broadcast 255.255.255.255, which obviously isn't the same as 255.255.255.0.

Any ideas?
18 years 7 months ago #13144 by GreatOne52782
Another idea...

Could it be that when my brother hosts a game, that it broadcasts its location and that the broadcast isn't being sent over the VPN (since the PIX is acting as a router)?

If so, can you configure a PIX to allow broadcast traffic?

Does anyone have any ideas about any of these?