https://community.cisco.com/t5/network-security/ipsec-tunnels-between-duplicate-lan-subnets/m-p/2418593#M308390 <P>Hello everyone,</P><P></P><P>We need you help connecting three sites with our Central site having all the resources for the users including internet access.</P><P>All three sites will have the ASA 5505 as their WAN device.</P><P></P><P>We need to know is this possible, for configuring an IPsec Tunnel Between all three ASA's with Duplicate LAN Subnets.</P><P>Central Site two networks 192.168.1.x /24, 192.168.100.x /24</P><P>Remote One subnet 192.168.1.x /24</P><P>Remote Two one subnet 192.168.100.x /24</P><P></P><P>If above is possible we also need to do Hair pinging from Remote One, Remote Two to the Central Site for internet access, everything both sites need are located at the Central Site, including e-mail, network folders, other resource too.</P><P></P><P>We have no other way for doing this network, as all security is located at our Central Site, for Website filtering, Application filtering, all network traffic filtering.</P><P>We understand we can change both Remote sites to a different subnet from the Central Site but we have so many host devices this will take weeks or months to complete, along with changing the MS AD Domain for all end users, Servers too.</P><P></P><P>We really need your expertise for doing this in a lab then into production.</P><P></P><P>Thank you</P> Tue, 12 Mar 2019 03:08:41 GMT Stephen Sisson 2019-03-12T03:08:41Z https://community.cisco.com/t5/network-security/ipsec-tunnels-between-duplicate-lan-subnets/m-p/2418593#M308390 <P>Hello everyone,</P><P></P><P>We need you help connecting three sites with our Central site having all the resources for the users including internet access.</P><P>All three sites will have the ASA 5505 as their WAN device.</P><P></P><P>We need to know is this possible, for configuring an IPsec Tunnel Between all three ASA's with Duplicate LAN Subnets.</P><P>Central Site two networks 192.168.1.x /24, 192.168.100.x /24</P><P>Remote One subnet 192.168.1.x /24</P><P>Remote Two one subnet 192.168.100.x /24</P><P></P><P>If above is possible we also need to do Hair pinging from Remote One, Remote Two to the Central Site for internet access, everything both sites need are located at the Central Site, including e-mail, network folders, other resource too.</P><P></P><P>We have no other way for doing this network, as all security is located at our Central Site, for Website filtering, Application filtering, all network traffic filtering.</P><P>We understand we can change both Remote sites to a different subnet from the Central Site but we have so many host devices this will take weeks or months to complete, along with changing the MS AD Domain for all end users, Servers too.</P><P></P><P>We really need your expertise for doing this in a lab then into production.</P><P></P><P>Thank you</P> Tue, 12 Mar 2019 03:08:41 GMT https://community.cisco.com/t5/network-security/ipsec-tunnels-between-duplicate-lan-subnets/m-p/2418593#M308390 Stephen Sisson 2019-03-12T03:08:41Z https://community.cisco.com/t5/network-security/ipsec-tunnels-between-duplicate-lan-subnets/m-p/2418594#M308392 <HTML><HEAD></HEAD><BODY><P>IF you configure NAT then yes, but I would suggest to move this ticket to the VPN queue</P><P></P><P>Value our effort and rate the assistance!</P></BODY></HTML> Fri, 22 Nov 2013 20:31:25 GMT https://community.cisco.com/t5/network-security/ipsec-tunnels-between-duplicate-lan-subnets/m-p/2418594#M308392 jumora 2013-11-22T20:31:25Z https://community.cisco.com/t5/network-security/ipsec-tunnels-between-duplicate-lan-subnets/m-p/2418595#M308394 <HTML><HEAD></HEAD><BODY><P>OK</P></BODY></HTML> Fri, 22 Nov 2013 20:35:41 GMT https://community.cisco.com/t5/network-security/ipsec-tunnels-between-duplicate-lan-subnets/m-p/2418595#M308394 Stephen Sisson 2013-11-22T20:35:41Z https://community.cisco.com/t5/network-security/ipsec-tunnels-between-duplicate-lan-subnets/m-p/2418596#M308395 <HTML><HEAD></HEAD><BODY><P>You know that you can move the post to a VPN queue right???</P><P></P><P>Value our effort and rate the assistance!</P></BODY></HTML> Sat, 23 Nov 2013 05:28:51 GMT https://community.cisco.com/t5/network-security/ipsec-tunnels-between-duplicate-lan-subnets/m-p/2418596#M308395 jumora 2013-11-23T05:28:51Z https://community.cisco.com/t5/network-security/ipsec-tunnels-between-duplicate-lan-subnets/m-p/2418597#M308396 <HTML><HEAD></HEAD><BODY><P>As jumora has mention, you can do this by using NAT.&nbsp; Setup a different subnet for each site and NAT to that subnet. Then create a crypto ACL that specifies the local LAN as the source and the NATed subnet as the destination.&nbsp; This must be done at each site.&nbsp; </P><P></P><P>The down side to this is that if you are using FQDNs to access servers/PCs at each site, then you would need to create static DNS entries for each new NATed server IP.</P><P></P><P>--</P><P>Please rate all helpful posts</P></BODY></HTML> Sat, 23 Nov 2013 20:21:15 GMT https://community.cisco.com/t5/network-security/ipsec-tunnels-between-duplicate-lan-subnets/m-p/2418597#M308396 Marius Gunnerud 2013-11-23T20:21:15Z https://community.cisco.com/t5/network-security/ipsec-tunnels-between-duplicate-lan-subnets/m-p/2418598#M308397 <HTML><HEAD></HEAD><BODY><P>Depending on your ASA version the commands will be different, but concept is the same.&nbsp; Have a look at this link to get an idea on how to do it.</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b37d0b.shtml" rel="nofollow">http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b37d0b.shtml</A></P><P></P><P>--</P><P>Please rate all helpful posts</P></BODY></HTML> Sat, 23 Nov 2013 20:25:03 GMT https://community.cisco.com/t5/network-security/ipsec-tunnels-between-duplicate-lan-subnets/m-p/2418598#M308397 Marius Gunnerud 2013-11-23T20:25:03Z https://community.cisco.com/t5/network-security/ipsec-tunnels-between-duplicate-lan-subnets/m-p/2418599#M308398 <HTML><HEAD></HEAD><BODY><P>We are currently working on this in our lab, thank you for the documentation</P><P></P><P>Thank you all</P></BODY></HTML> Mon, 25 Nov 2013 16:15:27 GMT https://community.cisco.com/t5/network-security/ipsec-tunnels-between-duplicate-lan-subnets/m-p/2418599#M308398 Stephen Sisson 2013-11-25T16:15:27Z