It's true. When doing router-to-router VPNs, like Linksys (BEF)SX41s and VP41s, you cannot talk to someone with the same DNA (IP address on the same segment) through a tunnel.
You must use distinctly different segments at each end, or a packet in the tunnel doesn't know which way to turn.
Yet... routers or VPN servers using DHCP to dispense numbers for road-warrior clients must be giving out numbers in the same family (same segment).
Can someone confirm this, or steer me straight?
It doesn't seem scalable that road warriors wanting to reach a 192.168.1.0 segment must be numbered 192.168.2.something.
When you have a lot of scattered offices, you can go nuts looking for "other" segments for the road warriors to use.
It seems to me an issue of more sophisticated routing on the target LANs.
Are there routers that tolerate remote clients having real numbers or virtual addresses on the same segment?
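
The address-planning problem raised in the post above, as an added example that is not part of the original post: a short Python check that finds tunnel endpoints sharing a segment and picks a free pool for road-warrior clients. The office names, the `OFFICES` plan, the supernet and the helper names `find_overlaps` and `allocate_pool` are all constructed for illustration.

```python
import ipaddress

def find_overlaps(segments):
    """Return name pairs whose segments overlap (unroutable through a tunnel)."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in segments.items()}
    names = sorted(nets)
    return [(a, b)
            for i, a in enumerate(names)
            for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def allocate_pool(segments, supernet, prefixlen=24):
    """Return the first subnet of `supernet` that overlaps no existing segment."""
    used = [ipaddress.ip_network(cidr) for cidr in segments.values()]
    for candidate in ipaddress.ip_network(supernet).subnets(new_prefix=prefixlen):
        # overlaps() also catches partial collisions, e.g. a /25 inside a /24
        if not any(candidate.overlaps(u) for u in used):
            return candidate
    raise ValueError("no free /%d left in %s" % (prefixlen, supernet))

# Constructed sample plan (not from the post): five offices, one duplicate segment.
OFFICES = {
    "office-a": "192.168.1.0/24",
    "office-b": "192.168.2.0/24",
    "office-c": "192.168.1.0/24",   # same segment as office-a
    "office-d": "192.168.3.0/25",   # half of 192.168.3.0/24
    "office-e": "192.168.0.0/24",
}

if __name__ == "__main__":
    for a, b in find_overlaps(OFFICES):
        print("conflict: %s and %s share address space" % (a, b))
    pool = allocate_pool(OFFICES, "192.168.0.0/16")
    print("road-warrior pool:", pool)
```

Keeping the plan in one table like this turns the search for an unused segment into a lookup rather than guesswork as offices are added.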