Beginner

Multiple L2L VPN with overlapping remote network ranges?

I have an ASA5510, and site-to-site VPN with several remote clients. I have to add another client but their network range overlaps an existing tunnel. Both are using 172.16.0.0/16. I would like to 1-to-1 NAT them as 172.17.0.0/16.

Is it possible to perform the NAT on my device, post-decryption, or is it necessary that I have them perform the NAT at their end?

Thanks,

Rick

2 REPLIES
Frequent Contributor

Multiple L2L VPN with overlapping remote network ranges?

NAT happens on Cisco post-decryption. Here is a link.

HTH.

Beginner

Re: Multiple L2L VPN with overlapping remote network ranges?

That sounds like a No -- as it seems to lead to having 172.16/16 in SAs on two tunnels, which I'm much more confident in saying won't work.

Policy-based NAT seems to revolve around IP addressing, and is not able to attach a NAT policy to a tunnel group.
