Official Lammle User Forum
#10
NAT is only one part of the solution. We still need to do something to get the packets moving in the right direction. That's where name service (host file or DNS) comes in.

The problem is that if PC1 begins communications with the address 192.168.1.2, it will communicate with PC2... Always, every time, no exceptions. So, if we need PC1 to talk to PC12, how do we make that happen? We have to fool PC1 into thinking that PC12 has some other address. We do this by configuring the name service on PC1 to equate the hostname PC12 with some other IP address.

To illustrate with a simple example, let's say that PC12 is running a web server that we want to be able to access from PC1. We could put an entry in PC1's host table (or put an entry in PC1's DNS server) that basically says that the IP address of PC12 is the outside address of R2, that is 192.168.2.2. We would also configure R2 for port forwarding. Therefore, PC1 would send the packets to R2, and when the packets arrive at R2 with a destination port of 80 (http), R2 would pass those on to PC12.

We also have to get the responses back to PC1. If PC12 thinks the packets came from 192.168.1.1, then it will send the responses to PC11, which is not what we want. For this simple case (and assuming there is no reason not to do this), we could configure R1 for NAT overload. That way, the packets sent by PC1 would have 192.168.2.1 as their source address, and PC12 would think the responses should go to the outside interface (192.168.2.1) of R1. Once there, the NAT configuration on R1 would result in the responses being forwarded to PC1.

A more complex situation might call for many hosts at both locations being accessible from all PCs at both locations. In that case, you would probably configure a couple of phantom networks. Let's say you assigned 172.16.1.0/24 to the site on the left of the drawing, and 172.16.2.0/24 to the site on the right. The routers would be configured for one-to-one NAT.

R1 would translate like this:
192.168.1.1 <-> 172.16.1.1
192.168.1.2 <-> 172.16.1.2
192.168.1.3 <-> 172.16.1.3

and R2 would translate like:
192.168.1.1 <-> 172.16.2.1
192.168.1.2 <-> 172.16.2.2
192.168.1.3 <-> 172.16.2.3

The DNS server at site 1 (the left of the drawing) would have entries like:
172.16.2.1 <-> PC11
172.16.2.2 <-> PC12
172.16.2.3 <-> PC13

and DNS at site 2 would have:
172.16.1.1 <-> PC1
172.16.1.2 <-> PC2
172.16.1.3 <-> PC3

Now, the hosts at site one are fooled into believing that the hosts at site two are configured with 172.16.2.x addresses. Hosts at site two believe site one has 172.16.1.x addresses. Both NAT and DNS are required to make this work. With the phantom networks in place, there will be no restrictions as to which machines can talk to one another and no restrictions on the services (port numbers, i.e., web, ftp, ssh, etc.) that can be used.

As someone already said, this situation typically comes up when two businesses merge. How you solve the problem of having the same IPs at two sites would depend on the complexity of the problem, that is, whether just a very few machines need to communicate between the sites, or a very large number. In any event, I think the best long term solution is to renumber one of the sites so as to eliminate the duplicate addresses.
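The phantom-network design in the post above, traced packet by packet, as an added example that is not part of the original post or of any vendor's software. It models the two routers as one-to-one (static) NAT devices with the usual semantics: a packet leaving the inside gets its source rewritten from the real 192.168.1.x address to the site's 172.16.x.x phantom address, and a packet arriving from the outside gets its phantom destination rewritten back to the real address. Split DNS at each site hands out real addresses for local hosts and phantom addresses for the other site's hosts. Hostnames and addresses are the post's; the `Packet`, `StaticNatRouter`, `dns` and `converse` names and the fact that PC1..PC3 and PC11..PC13 occupy .1 to .3 at both sites are assumptions made for the example.

```python
"""Trace one request and its reply across two one-to-one NAT routers plus split DNS.

Added example for the duplicate-subnet thread; not code from the forum post.
Topology (constructed from the post): both sites use 192.168.1.0/24, R1 presents
site 1 as 172.16.1.0/24, R2 presents site 2 as 172.16.2.0/24.
"""
import ipaddress
from dataclasses import dataclass, replace

REAL_NET = ipaddress.ip_network("192.168.1.0/24")          # identical at both sites
PHANTOM = {1: ipaddress.ip_network("172.16.1.0/24"),       # what R1 shows to site 2
           2: ipaddress.ip_network("172.16.2.0/24")}       # what R2 shows to site 1
# Assumed host numbering (the post names the hosts but not every address).
SITES = {
    1: {"PC1": "192.168.1.1", "PC2": "192.168.1.2", "PC3": "192.168.1.3"},
    2: {"PC11": "192.168.1.1", "PC12": "192.168.1.2", "PC13": "192.168.1.3"},
}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


def _remap(addr, from_net, to_net):
    """One-to-one mapping: keep the host bits, swap the network bits."""
    a = ipaddress.ip_address(addr)
    if a not in from_net:
        return addr                      # not ours to translate; pass through
    host_bits = int(a) - int(from_net.network_address)
    return str(to_net.network_address + host_bits)


class StaticNatRouter:
    """Static NAT as on a site router: inside-local 192.168.1.x <-> inside-global 172.16.s.x."""

    def __init__(self, site):
        self.local, self.glob = REAL_NET, PHANTOM[site]

    def outbound(self, pkt):
        # inside -> outside: rewrite the source to its phantom address
        return replace(pkt, src=_remap(pkt.src, self.local, self.glob))

    def inbound(self, pkt):
        # outside -> inside: rewrite a phantom destination back to the real address
        return replace(pkt, dst=_remap(pkt.dst, self.glob, self.local))


def dns(site, name):
    """Split DNS: local hosts resolve to real addresses, remote hosts to phantom ones."""
    for s, hosts in SITES.items():
        if name in hosts:
            real = hosts[name]
            return real if s == site else _remap(real, REAL_NET, PHANTOM[s])
    raise KeyError(name)


def host_by_addr(site, addr):
    """Which host at this site owns a real address (the reverse of the SITES table)."""
    for name, a in SITES[site].items():
        if a == addr:
            return name
    raise KeyError(addr)


def converse(src_site, src_name, dst_name, dport=80):
    """Send one packet from src_name to a host at the other site and return the reply path."""
    routers = {1: StaticNatRouter(1), 2: StaticNatRouter(2)}
    dst_site = 3 - src_site
    req = Packet(SITES[src_site][src_name], dns(src_site, dst_name), dport)
    on_wire = routers[src_site].outbound(req)        # source is now 172.16.<src_site>.x
    delivered = routers[dst_site].inbound(on_wire)   # destination is now 192.168.1.x
    receiver = host_by_addr(dst_site, delivered.dst)
    # The receiver answers the phantom source it saw, so the reply routes to the other router.
    rep = Packet(delivered.dst, delivered.src, dport)
    rep_wire = routers[dst_site].outbound(rep)
    rep_delivered = routers[src_site].inbound(rep_wire)
    return {
        "request_on_wire": on_wire,
        "received_by": receiver,
        "reply_on_wire": rep_wire,
        "reply_received_by": host_by_addr(src_site, rep_delivered.dst),
    }


if __name__ == "__main__":
    for k, v in converse(1, "PC1", "PC12").items():
        print(f"{k}: {v}")
```

Running it shows the two translations working together: PC1 resolves PC12 to 172.16.2.2, R1 sends the request on the wire as 172.16.1.1 -> 172.16.2.2, R2 delivers it to the real 192.168.1.2 (PC12), and PC12's reply to 172.16.1.1 is mapped back to PC1 by R1. Swap the arguments (site 2 talking to PC3 on port 22) and the same code path works because nothing is port-specific, which is the point of the one-to-one design over the single port-forward.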