https://community.cisco.com/t5/network-security/two-vpn-clients-with-the-same-subnet/m-p/800406#M1003238 <HTML><HEAD></HEAD><BODY><P>Hi Jason,</P><P></P><P>What type of VPN tunnels are we talking about? site to site or RA VPN?</P><P></P><P>if this is a site to site VPN then you will need to use outside NAT through the tunnel to NAT the new customer's network into a one that is different from the other one. it goes sth like this:</P><P></P><P>static (in,out) x.x.x.x x.x.x.x</P><P>static (out,in) z.z.z.z y.y.y.y</P><P></P><P>where:</P><P>x.x.x.x: your internal network</P><P>y.y.y.y: customer2's actual network</P><P>z.z.z.z: customer2's translated network</P><P></P><P>after this you will access customer2's network using the z.z.z.z addressing, also all the match address access-list should be built on the z.z.z.z subnet <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P>If you provide me with the PIX configuration and a simple topology maybe I will be able to assist you a little better in here <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P>Kindest regards,</P><P>Shadi`</P></BODY></HTML> Thu, 21 Jun 2007 10:26:13 GMT shomar 2007-06-21T10:26:13Z https://community.cisco.com/t5/network-security/two-vpn-clients-with-the-same-subnet/m-p/800404#M1003233 <P>Hi,</P><P></P><P>My small office currently has a few ipsec VPN clients. Currently, we have a new customers, but this customer has the same subnet with our existing client. Anyone knows how to resolve this issue? Both clients can't change their subnets due to their huge network. Currently, we have a pix firewall 506E.</P><P></P><P>Thanks,</P><P>Jason</P> Mon, 11 Mar 2019 10:29:06 GMT https://community.cisco.com/t5/network-security/two-vpn-clients-with-the-same-subnet/m-p/800404#M1003233 xomchua76 2019-03-11T10:29:06Z https://community.cisco.com/t5/network-security/two-vpn-clients-with-the-same-subnet/m-p/800405#M1003236 <HTML><HEAD></HEAD><BODY><P>It's possible if you enable NAT-T in headend (remote end) of the VPN client.</P></BODY></HTML> Wed, 20 Jun 2007 13:59:47 GMT https://community.cisco.com/t5/network-security/two-vpn-clients-with-the-same-subnet/m-p/800405#M1003236 thomas.chen 2007-06-20T13:59:47Z https://community.cisco.com/t5/network-security/two-vpn-clients-with-the-same-subnet/m-p/800406#M1003238 <HTML><HEAD></HEAD><BODY><P>Hi Jason,</P><P></P><P>What type of VPN tunnels are we talking about? site to site or RA VPN?</P><P></P><P>if this is a site to site VPN then you will need to use outside NAT through the tunnel to NAT the new customer's network into a one that is different from the other one. it goes sth like this:</P><P></P><P>static (in,out) x.x.x.x x.x.x.x</P><P>static (out,in) z.z.z.z y.y.y.y</P><P></P><P>where:</P><P>x.x.x.x: your internal network</P><P>y.y.y.y: customer2's actual network</P><P>z.z.z.z: customer2's translated network</P><P></P><P>after this you will access customer2's network using the z.z.z.z addressing, also all the match address access-list should be built on the z.z.z.z subnet <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P>If you provide me with the PIX configuration and a simple topology maybe I will be able to assist you a little better in here <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P>Kindest regards,</P><P>Shadi`</P></BODY></HTML> Thu, 21 Jun 2007 10:26:13 GMT https://community.cisco.com/t5/network-security/two-vpn-clients-with-the-same-subnet/m-p/800406#M1003238 shomar 2007-06-21T10:26:13Z