
Multiple L2L VPN with overlapping remote network ranges?

rickmccl
Level 1

I have an ASA5510, and site-to-site VPN with several remote clients. I have to add another client but their network range overlaps an existing tunnel. Both are using 172.16.0.0/16. I would like to 1-to-1 NAT them as 172.17.0.0/16.

Is it possible to perform the NAT on my device, post-decryption, or is it necessary that I have them perform the NAT at their end?

Thanks,

Rick

2 Replies

rais
Level 7

NAT happens on Cisco post-decryption. Here is a link.

HTH.

That sounds like a No -- as it seems to lead to having 172.16/16 in SAs on two tunnels, which I'm much more confident in saying won't work.

Policy-based NAT seems to revolve around IP addressing, and is not able to attach a NAT policy to a tunnel group.
