Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
733
Views
0
Helpful
2
Replies

Destination nat after Vpn, big problem

Max Bagnara
Level 1
Level 1

‎03-11-2019 05:01 AM

Hi, 

we have to make two vpn in overlapped network, example:

 

My lan

192.168.0.0/24

Remote1 

192.168.0.0/24

Remote2

192.168.0.0/24

 

I have control only in my side of vpn, Remote1 and Remote2 can't make nat or change in firewall.

I have an Asa 9.1

 

I make destination nat , but i need to insert in vpn traffic selection, the natted ip address to make decision

in which tunnel pass the traffic.

 

In normal situation, nat is make before vpn, so i need to insert in traffic selection the real remote ip.

If i insert the natted ip, i have phase1 up but phase2 not work (no_proposal_choosen)

How i can resolve this?

Thanks

 

 

Labels:
0 Helpful
2 Replies 2

Dennis Mink
VIP Alumni
VIP Alumni

‎03-11-2019 06:10 AM

cant take credit for it, but check:

 

https://community.cisco.com/t5/vpn-and-anyconnect/vpn-overlapping/td-p/3034196

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

Max Bagnara
Level 1
Level 1
In response to Dennis Mink

‎03-11-2019 07:26 AM

In all example i see, i see to make a source nat to match traffic selection but in my case in inpossible...

I neet to make destination nat after ipsec , to specify natted address in my ipsec traffic selection

0 Helpful
Customers Also Viewed These Support Documents