cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4283
Views
0
Helpful
18
Replies

Site-to-site VPN - Duplicate subnet?

stanleypane
Level 1
Level 1

OK, here is my setup:

     ASA 5505 - 192.168.3.1

     PIX 501  - 192.168.1.1

     PIX 501  - 192.168.1.2

The ASA and the first pix device (192.168.1.1) are connected via site-to-site VPN on the ASA side and the connection works great. I can access hosts in either direction from either network.

I'm attempting to add the second pix device to the ASA's site-to-site configuration, but it's not working. I suspect it's because the devices are on the same subnet, but I'm hoing to find a workaround.

When I have both PIX devices setup for site-to-site on the ASA, the VPN works only for the connection that has the highest priority. The device with the lower priority can only ping the 192.168.3.1 network, but full network connections fail.

Is it possible to do this without changing the subnet on the second PIX?

18 Replies 18

How are you attempting to bring the tunnels up? By pinging something in the 192.168.102.0 or 192.168.101.0 networks, respectively, from an internal machine (not the firewall or packet-tracer)?

Your PSK matches, too, right? Anything from the crypto debugs on both sides?

James

Ignore the previous response. GNS3 decided to be a pain. It works - thank you very much

Oh good! Glad to see it worked for you

If you have any other questions feel free to ask. I don't frequent the forums that often. In fact, this post is over 3 years old!

James

james.denton@rackspace.com

http://www.linkedin.com/profile/view?id=61123635

I appreciate that. I will definitely keep you on my contacts list

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: