Mutual Access Between Hosts on Overlapping Networks

In practice, IP address overlapping may occur. For example, if two companies with private IP addresses in the same network segment are merged, re-planning private IP addresses of the merged company will greatly increase the difficulty of network management. Users expect that the hosts on the two networks can access the Internet and do not need to obtain IP addresses again. In this case, NAT for overlapping networks can be used to implement mutual access between hosts with overlapped addresses. There are two typical scenarios: one is the mutual access between intranet hosts with an overlapped IP address, and the other is the mutual access between intranet and extranet hosts with an overlapped IP address.

Mutual Access Between Intranet Hosts with an Overlapped IP Address

If hosts in different VPNs use the same private address and access the Internet through the same egress device, NAT for overlapping networks must be performed. As shown in Figure 5-23, host A and host B belong to different VPNs but have the same private IP address. Host A and host B need to communicate with the extranet server. In this case, you can configure dynamic NAT associated with VPNs and static NAT associated with VPNs to allow intranet hosts in different VPNs to access the extranet server.

Figure 5-23 Mutual access between intranet hosts with an overlapped IP address

Mutual Access Between Intranet and Extranet Hosts with Overlapped Addresses

When an intranet host uses a public IP address to access an extranet host with the same IP address, NAT for overlapping networks must be implemented. As shown in Figure 5-24, host A and host B have the same IP address, and they want to communicate with each other. In this case, twice NAT and dynamic NAT can be used to implement mutual access between them.

Figure 5-24 Mutual access between intranet and extranet hosts with overlapped IP addresses