Cisco ASA - 2 VPN connections with overlapping range

HubertMaier
Level 1

Hi all,

I have a problem with the following setup. We have multiple offices connected via VPN to the HQ. Because two offices share a lot of data, we want to add a second site-to-site VPN tunnel to the ASA 5505 firewalls to transport the traffic directly between the offices, without the HQ in between.

Company network: 10.0.0.0/8

Office 1 network: 10.1.0.0/16

Office 2 network: 10.2.0.0/16

In every ASA there is a VPN tunnel with the remote network 10.0.0.0/8, and the NAT with the destination 10.0.0.0/8 is configured for the tunnel to the HQ. If I add a second VPN tunnel and the NAT with the 10.X.0.0/16 range for the direct connection, I have overlapping ranges and get problems with the NAT.

Is it possible to configure a network object with 10.0.0.0/8 exclude 10.1.0.0/16?

Andreas


rvarelac
Level 7

Hi StroeCres

I think the following document might be useful:

https://supportforums.cisco.com/document/12612201/configure-vpn-policy-nat-between-2-asa-overlapping-networks

Hope it helps

-Randy-

Hi,

Please correct me if I'm wrong, but with this configuration, if I wanna connect to site B from site A, I use an IP from the IP range 192.168.20.0/24? In this case, the DNS servers give me the wrong IP addresses for the hostnames, or I must configure every hostname in the DNS server manually.

Every IP range is unique in our company and the network structure looks like a star with the HQ in the middle and all other offices connected to the HQ. Every office has a "default route" VPN connection for the company network with 10.0.0.0/8 to the HQ. The plan is to have a shortcut directly between the offices, and I wanna have a second "route" VPN connection with 10.X.0.0/16 as destination.

Andreas
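The "10.0.0.0/8 excluding 10.1.0.0/16" range from the first post, and the non-overlapping HQ range that the shortcut design in the post above would need, can be written out as plain prefixes. This is an added example, not part of the thread and not a Cisco configuration; the function names are hypothetical and the office numbering is taken from the posts.

```python
import ipaddress


def subtract_prefixes(supernet, exclusions):
    """Return the sorted CIDR blocks covering supernet minus every exclusion."""
    remaining = [ipaddress.ip_network(supernet)]
    for raw in exclusions:
        excl = ipaddress.ip_network(raw)
        survivors = []
        for net in remaining:
            if excl.subnet_of(net):
                # Split net into the pieces that do not contain excl.
                survivors.extend(net.address_exclude(excl))
            elif net.subnet_of(excl):
                continue  # net lies entirely inside the exclusion
            else:
                survivors.append(net)  # disjoint, keep unchanged
        remaining = survivors
    return sorted(remaining)


def overlapping(prefixes, candidates):
    """Return (prefix, candidate) pairs that still overlap, for verification."""
    return [(p, c) for p in prefixes
            for c in map(ipaddress.ip_network, candidates) if p.overlaps(c)]


COMPANY = "10.0.0.0/8"    # company network from the first post
OFFICE_1 = "10.1.0.0/16"  # local network of office 1
OFFICE_2 = "10.2.0.0/16"  # peer reached over the direct tunnel

if __name__ == "__main__":
    # Seen from office 1: what is left for the HQ tunnel once the local
    # network and the direct-tunnel peer are carved out of 10.0.0.0/8.
    hq_remote = subtract_prefixes(COMPANY, [OFFICE_1, OFFICE_2])
    assert not overlapping(hq_remote, [OFFICE_1, OFFICE_2])
    for net in hq_remote:
        print(f"{net.network_address} {net.netmask}")
```

Excluding one or both /16 networks from the /8 leaves eight prefixes in either case, so the HQ-side range stays short enough to list by hand.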

Akshay Rastogi
Cisco Employee

Hi Andreas,

Adding to Randy, you could go through the below docs as well to understand the outputs:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/112049-asa8x-vpn-olap-config-00.html

Hope it helps.

Regards,

Akshay Rastogi

Remember to rate helpful posts.
