Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
342
Views
0
Helpful
2
Replies

Two networks with the same internal IP address

mattbiggs
Level 1
Level 1

‎06-14-2004 06:26 AM - edited ‎03-09-2019 07:44 AM

Can anyone tell me if this will work. My company has contracted with an outside company. One employee from the outside company needs access to a application inside my company.

I setup the users workstation to vpn into our network. The issue is if we are using a internal address schema of 172.16.1.0 and the outside company is using the same address in their internal network.

Can that user vpn into my network?

I have a pix 506e.

Thanks.

Matt

Labels:
0 Helpful
2 Replies 2

ehirsel
Level 6
Level 6

‎06-14-2004 08:41 AM

To access the application, will the user need to contact the dns and/or wins servers in your network, or will they be using a hard-coded ip address?

How did you setup the users workstation: using a vpn client, or using the native os ipsec (such as win 2000 ipsec, or a unix ipsec) code?

Assuming that just an address will be used, and that no dns/wins name servers need to be accessed, and the cisco vpn client is used: the user can get access. You will need to assign the vpn client an address that is not 172.16.1.0/24 and use destination nat'ing (what the client will see your services ip address as) on the pix to mask your networks 172.16.1.0/24 as something else, say 172.31.1.0/24

You may need to enable split-tunneling on the vpngroup config on the pix, if the user needs to have access to his and your corp. networks at the same time. If that is the case, then what you select for destination nat needs to be something that isn't in the user's network already. If you will not allow split-tunneling, then you can use anything except for the network the client is already in as the dest nat network. For example, if the client is on the 172.16.1.0/24 network use any value other than that as the dest. nat network.

Let me know if this helps, or you need more assistance.

0 Helpful

brentolson
Level 1
Level 1

‎06-15-2004 07:15 AM

If your addresses are overlapping, then you will need to implement NAT (Network Address Translation). You should be able to find plenty of examples on the cisco.com.

0 Helpful
Customers Also Viewed These Support Documents