
VPN with overlapping addresses

rex
Level 1

Hi

An ISP needs to make VPN tunnels to four customers, so they can get data from a common server placed at the ISP.

Customers A, B & C are working well, but the new Customer D is using the same private network as the ISP, and will not accept changing their network, nor will they accept putting some NAT in their router.

They already NAT their private Network range to an official Network.

The ISP is using a Cisco 1841 router for the project, but is ready to change to a PIX firewall or a VPN 3005 Concentrator if that's what's needed.

Could any kind person please help me with this scenario?

I have published the scenario in graphics here: http://www.z28.dk/vpn.htm

The configuration I’m using for now can be found at: http://www.z28.dk/conf.htm

Best regards

R.B.P.

1 Reply

billy_vaughn
Level 1

I can help with the 3005 setup if you decide to go that route.

You will need to add 2 network list entries under Configuration>Policy Management>Traffic Management>Network Lists.

You will need to configure a local and remote address. The local will be one of the public IPs for the site (provided by your ISP). The remote will be the device you are connecting to on the other end.

You will also need to add a NAT LAN-to-LAN rule under Configuration>Policy Management>Traffic Management>Nat>Lan to Lan.

Use a static NAT type. The rest will look similar to my example.

Source: local address
Translated: public IP address used in the network local list
Remote: IP address of the device on the other end

Now just create an IPsec LAN-to-LAN tunnel. You will need to agree with the ISP on DES type and auth type. Use your local and remote networks you created earlier.
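The static NAT approach from the reply above, modelled as an added Python example that is not part of the original posts: it finds which customer range collides with the ISP LAN, builds the Source/Translated/Remote rule, and shows that the tunnel's network lists carry the translated address, never the real one. All addresses and names (`L2LNatRule`, `static_rule`, `translate`, `tunnel_selectors`) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addressing (RFC 1918 / RFC 5737 ranges), not from the thread.
ISP_LAN = ipaddress.ip_network("192.168.1.0/24")
CUSTOMER_LANS = {
    "A": ipaddress.ip_network("10.1.0.0/24"),
    "B": ipaddress.ip_network("10.2.0.0/24"),
    "C": ipaddress.ip_network("172.16.5.0/24"),
    "D": ipaddress.ip_network("192.168.1.0/24"),  # same range as the ISP
}

@dataclass(frozen=True)
class L2LNatRule:
    source: ipaddress.IPv4Network      # real local address
    translated: ipaddress.IPv4Network  # public address used in the local network list
    remote: ipaddress.IPv4Network      # device on the other end

def overlapping(local, remotes):
    """Names of remote sites whose range collides with the local LAN."""
    return [name for name, net in remotes.items() if net.overlaps(local)]

def static_rule(source, translated, remote):
    """Static NAT is 1:1, so source and translated ranges must be the same size."""
    s, t, r = (ipaddress.ip_network(x) for x in (source, translated, remote))
    if s.num_addresses != t.num_addresses:
        raise ValueError("static NAT needs equally sized source and translated ranges")
    return L2LNatRule(s, t, r)

def translate(rule, src, dst):
    """Source address as it appears inside the tunnel for a packet src -> dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in rule.source and dst in rule.remote:
        offset = int(src) - int(rule.source.network_address)
        return rule.translated.network_address + offset
    return src  # rule does not match: address is left untranslated

def tunnel_selectors(rule):
    """Local/remote network lists for the tunnel; neither may touch the real LAN."""
    if rule.translated.overlaps(ISP_LAN) or rule.remote.overlaps(ISP_LAN):
        raise ValueError("tunnel selectors still overlap the local LAN")
    return {"local": rule.translated, "remote": rule.remote}

# Server 192.168.1.10 is presented to customer D as 203.0.113.10 (constructed values).
RULE = static_rule("192.168.1.10/32", "203.0.113.10/32", "198.51.100.20/32")

if __name__ == "__main__":
    print("overlapping customers:", overlapping(ISP_LAN, CUSTOMER_LANS))
    print("tunnel source:", translate(RULE, "192.168.1.10", "198.51.100.20"))
    print("selectors:", tunnel_selectors(RULE))
```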
