Fortinet black logo

Cookbook

Home FortiGate / FortiOS 6.0.0 Cookbook

Planning the new addressing scheme

6.0.0
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.0
6.0.0
5.6.0
5.4.0
Copy Link
Copy Doc ID a4a06ec3-12a7-11e9-b86b-00505692583a:988783
Download PDF

Planning the new addressing scheme

In order for overlapping subnets to be able to communicate over a route-based IPsec tunnel, new virtual subnets of equal size must be decided upon and used for all communication between the two overlapping subnets.

Note

Devices on both local networks DO NOT need their IP addresses changed. However, the devices/users will need to be sure to use the new subnet range of the remote network when communicating across the tunnel.

In this example, you perform a one-to-one mapping of HQ’s 192.168.1.0/24 network to 10.1.1.0/24, and Branch’s 192.168.1.0/24 network to 10.2.2.0/24. This will allow HQ clients to use Branch’s new subnet to communicate to Branch clients, and vice-versa.

Previous
Next

Planning the new addressing scheme

In order for overlapping subnets to be able to communicate over a route-based IPsec tunnel, new virtual subnets of equal size must be decided upon and used for all communication between the two overlapping subnets.

Note

Devices on both local networks DO NOT need their IP addresses changed. However, the devices/users will need to be sure to use the new subnet range of the remote network when communicating across the tunnel.

In this example, you perform a one-to-one mapping of HQ’s 192.168.1.0/24 network to 10.1.1.0/24, and Branch’s 192.168.1.0/24 network to 10.2.2.0/24. This will allow HQ clients to use Branch’s new subnet to communicate to Branch clients, and vice-versa.

Previous
Next