Dealing with IP address overlapping
 
|
|||
 | |||
|
Sign up to receive this and other networking newsletters in your inbox.
Using a virtual private network to bring together existing smaller networks creates on almost inevitable headache: overlapping private IP addresses.
This issue can be resolved using double network address translation (NAT) at sites where the gear has private IP addresses that overlap with addresses at other sites. But that is very complex to configure.
Advertisement: |
Some VPN users believe that rather than setting up double NATs, it is actually easier in the long run to renumber the devices whose numbers overlap.
Because of the complexity of using NAT in an IP Security VPN, the Internet Engineering Task Force is considering proposals for standards that would greatly reduce the need for NAT in IPSec VPNs. One suggestion would give all servers on the VPN a global address, eliminating the need for an address translation.
Those measures would be stopgaps until IPv6 becomes widely deployed. IPv6 will provide enough public IP addresses to go around so NAT becomes less necessary.
This potentially reduced addressing complexity is another reason to consider moving to IPv6 stacks if you are considering setting up a VPN. If you already have a VPN that is growing, IPv6 might also be a solution for your NAT nightmare.
Tim Greene is a senior editor at Network World, covering virtual private networking gear, remote access, core switching and local phone companies. You can reach him at tgreene@nww.com.
Standard needed so VPN failures can be detected
Network World, 08/02/99
Review: VPNs
Network World, 05/10/99
Review: VPN/firewalls
Network World, 04/19/99
Archive of Network World on Virtual Private Network newsletters
