[c-nsp] best way to get around IPSEC subnet Conflicts.
Alexander Clouter
alex at digriz.org.uk
Sat Aug 13 04:13:10 EDT 2011
Brent Roberts <brentrob at wirezsound.com> wrote:
>
> I am looking for the best way to get around IP conflicts (On the Far
> Side) in fully redundant Hardware solution. I am working in a large
> Scale Hosted application environment and every 5th or so customer has
> the same RFC1918 Address that every other small shop has.
>
Depends on how involved you are at the client end, but if this occurs
regularly and is a pain, maybe getting some IPv6 in there might help?
Unique address space is afterall one of it's biggest selling points and
at the client end you do not even have to make it Internet routable;
just an internal LAN/VPN deployment.
As you have not mentioned what the application is (developed inhouse?)
then I have no idea if this is a silly option, but if you are
considering a pile of 6500's and what-not...the IPv6 route might
actually be cheaper and cause a lot less damage to your brain being
forced to think about VRF + IPSEC + NAT + OSPF +
<pile-of-likely-hacks-needed>.
Just putting it out there... :)
Cheers
--
Alexander Clouter
.sigmonster says: Serfs up!
-- Spartacus
More information about the cisco-nsp
mailing list