Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: Same destination LAN on each end of a VPN tunnel.

Jump to solution

danb wrote:  One further note, the VPN selectors must be configured to select the traffic as viewed from the peer.  I tried configuring my VPN selector ACL using the inside address of my LAN and it failed.

Yes, so it should!  I think I got it now! 

The mechanism suggested by noor is different to the vanilla VPN that I had in mind, where policy-class stateless connections manage the traffic through the Netvanta.  In your implementation, using your LAN address fails because both Netvanta and Sonicwall have the same LANs.  The NAT mechanism will change the source packet headers from say to the NAT'ed address facing the peer.  Hence, no clash between the two LANs.

Thank you both for helping me understand this.