Solved: two vpn channels to the same destination networks ?

schmidtiii_novice · ‎02-20-2011

Hello all,

first I apologize for my bad english.

Here my question:

Two companies (e.g. company A and B) use the same internal
network (e.g. 192.168.0.0/24) and their vpn devices (no cisco
vpn devices) can not translate the network address in a vpn tunnel.
From a other company (e.g. C) should be used a vpn tunnel to both
companies (C <--> A, C <-->B, C use as internal network 192.168.1.0/24,
C use a Cisco ASA). I think one criteria how a cisco ASA select
the appropriate tunnel configuration is the suitable
crypto map with the corresponding access list. In this case,
both destination addresses/networks are the same. Is it even possible to
use both tunnels to the same time (the connection should be
possible from/to the same hosts in company C)?

Thank you in advance for advice and information.

best regards

schmidtiii_novice

Jennifer Halim · ‎02-21-2011

You are welcome.

Please kindly mark the post as answered if you have no further question so others can learn from your post. Thank you.

View solution in original post

Jennifer Halim · ‎02-20-2011

You are absolutely correct.

It is not possible nor supported having VPN tunnels going to the same remote subnets, as the VPN device will not be able to tell just by ip address (when it's the same) to forward it to which VPN peers. You will need to translate the subnet to a unique subnet so it can be routed correctly. If the remote VPN peer is not capable of doing a network translation, then you will have to look into changing the subnet to a unique subnet within your VPN topology.

schmidtiii_novice · ‎02-21-2011

many thanks for your answer

Jennifer Halim · ‎02-21-2011

You are welcome.

Please kindly mark the post as answered if you have no further question so others can learn from your post. Thank you.