From: mike-newsgroup@-DELETETHISPART-.upcraft.com   
      
   Gert Wurzer wrote:   
   > Hello again!   
   >   
   > First of all thanks for your answer!   
   > Yes, I can create a tunnel to the two offices with fixed, single IPs.   
   > It's not necessary that the offices can see each other, but I need to   
   > connect to them not only from a single machine in the headquarter. The   
   > whole subnet should be able to establish connections to both offices.   
   > Thus the local IP adress ranges of the two rules would overlap, and the   
   > zywall says, that this is not allowed!   
   >   
   > Thanks in advance for any further hints and best Regards   
      
   If your branches and head office have conflicting network addresses then   
   the best thing to do is renumber them.  It's technically possible to   
   connect multiple subnets with the same remote LAN addresses if you use   
   network address translation but this is a last resort solution.  Many   
   networking protocols fail to work under NAT.   
      
   You should have a unique address range for every office in your   
   organization.  You should also avoid using the very common private   
   ranges used in consumer routers to avoid conflicts with employees home   
   networks if you decide to enable remote access.  (Stay far away from   
   192.168.0.xxx and 192.168.1.xxx)  I suggest you use 10.xxx.xxx.xxx for   
   your internal networks.  You can vary the second and third sets of   
   numbers for each branch or region.   
      
   --   
   WARNING!  Email address has been altered for spam resistance.   
   Please remove the -deletethispart-. section before replying directly.   
   Mike Drechsler (mike-newsgroup@-deletethispart-.upcraft.com)   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)