XPost: comp.security.firewalls   
   From: venger@augustmail.com   
      
   Gentlemen -   
      
   Have a client with a pair of offices linked with Sonicwall VPN between   
   them - 192.168.1.X and 2.X. Works famously, better than I ever expected it   
   to.   
      
   We wish to connect a laptop to one of the office firewalls across the   
   internet via VPN. This brought about a conflagration of conflicting thoughts   
   about what can, and cannot, be done.   
      
   If said laptop is behind a NAT router with a 192.168.1.X address, it cannot   
   create a VPN to the first Sonicwall - the destination route and local route   
   are the same. If we were to connect to the second firewall, it would appear   
   that since that firewall is already attached via a site to site VPN, it   
   would have a conflict between two VPN connections, with overlapping address   
   space.   
      
   Which then begs the question... how can you support dozens of clients who   
   could quite possibly each have the same private NAT address, say   
   192.168.1.100, much less similar address space?   
      
   NAT Traversal?   
      
   Any information is definitely appreciated. Our Sonicwalls talk to each other   
   fine, but are barfing on connecting the laptop. I assume that NAT traversal   
   is an issue here, the firmware is 5.1.7.0 and they do not currently support   
   NAT traversal on that firmware release...   
      
   Thanks,   
      
   Venger   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)