solution #1 is fine. But for solution #2 it is unlikely it will work.Or it will depend of the equipement behavior.

For the 1st outgoing packet, why R1 would send it towards R2 whereas it as the 10.0.0.0/24 network as directly connected network in its routing table ? It will go back to Seattle. Or maybe if the NAT is done after the routing it might get out (called server side NAT on some vendor).

Now for the VPN, you will have a policy encrypting traffic between 10.1.1.0/24 and 10.0.0.0/24, but your device must accept to have 10.0.0.0/24 defined as remote VPN network whereas it has it locally directly connected. It will aslo conflict with some vendors if you have other non NAT VPN on same device as 10.0.0.0/24 will be defined already as local VPN network and cannot be defined twice.

And for the return packet, if R1 is doing andispoofing, it will complain that it receives a 10.0.0.0/24 source on the external side as this is an internal network for him.

Jim

Thanks Ed for the reply.
Let’s say PC”A” (eg. 192.168.0.77) and PC”B” (eg. 192.168.0.88) wants to communicate over VPN tunnel but they are sharing same subnet mask (255.255.255.0). In this case, is this possible to avoid NAT and use some other means to have communication?

They cannot.

IP was meant to uniquely identify every device on the Internet. RFC1918 allowed the re-use of IP space (10.x, for instance) which “broke” the original intent of IP that every device has a unique address. Hence, we play games with NAT to make it look like pcA and pcB are speaking to IP addresses in foreign networks.

Short of other such work arounds, two devices physically sitting in foreign networks, but sharing IP space cannot communicate.

Taking reference from the example network used in blog, lets suppose both PC”A” and PC”D” wants to transfer data using some protocol where only their original IP address can be used (not the translated one) to address the Host. How in that scenario, they would be able to communicate?

Is Solution #2 (Policy Twice NAT on One side) for overlapping networks is possible with Cisco CSR Router? if so could you please help me with sample commands. 

I watched all your videos including Twice NAT on IOS router but couldn’t configure it. If you provider sample configuration based on above image that would be helpful.
Thank you!

What do you mean? Perhaps post the question on Discord: pracnet.net/discord

Often it’s easier to simply change the IP address assigned to VPN clients so it doesn’t overlap with their home network, or a foreign VPN network.