ā05-31-2013 05:53 AM - edited ā03-11-2019 06:51 PM
Hi there,
I am kind of new to firewalls, someone plz help, lets say my main office and branch office has same ip subnet ranges and i came to know that ipsec doesnot work in that situation. what am i supposed to do to make it work. do i have to configure some kind of natting or ?????? is there any alternative, plz kindly help.
ā05-31-2013 05:57 AM
Hi,
Both sites should do NAT to their local networks before forwarding traffic to the L2L VPN between the sites.
Otherwise the traffic simply wont be forwarded correctly.
Configurations naturally depends on the devices and the software running on them.
- Jouni
ā05-31-2013 06:11 AM
Thanks for your quick reply. if am not worng we basically we use nat 0 with vpns to avoid packets being send to some other destination. am kind of confused now, what happens if we enable netting in this situation. lets say we have 172.168.4.0 subnet on both sites and we are using ASA 5520. if possible plz provide me some url link where this situation and configuration is explained properly, tried over internet but couldn't find good explanation.THNX
ā05-31-2013 06:14 AM
Hi,
Here is one
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b37d0b.shtml
It basicly gives you a configuration example with 2 ASA which have the same LAN networks.
Its does a Static Policy NAT on both sides and NATs the local network to some other similiar equal size network.
- Jouni
ā05-31-2013 06:23 AM
THNX
ā05-31-2013 06:25 AM
Hi,
Remember to mark the reply as the correct answer if it answered your question.
Naturally if you need some help then ask away.
- Jouni
ā05-31-2013 05:59 AM
And never forget the better solution if one site is really a more small branch-office: If you renumber the IP-addressing in that office you won't have this ongoing pain that double-NAT causes.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide