Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
981
Views
0
Helpful
3
Replies

Configuring an IPSec Tunnel Between Router and PIX w/Duplicate LAN Subnets

UNIKAPERUGIA
Level 1
Level 1

‎02-08-2006 02:31 AM - edited ‎02-21-2020 02:14 PM

As in title,

I need to make a site to site vpn between an pix and a router with duplicated subnets.

Pix as inside have a 192.168.144.0/24 and he manages already 2 site-to-site vpn, one with another pix (that have inside 10.10.9.0/24) and the second one with another pix (that have inside 10.10.12.0/24). Now i need to add another one vpn site to site with cisco ios (that have "inside" 10.10.9.0/24).

Any sugestion, egsample or link?

Thanks

Labels:
0 Helpful
3 Replies 3

mheusinger
Level 10
Level 10

‎02-08-2006 06:01 AM

Hello,

what you need to do is to perform NAT before the IPSec tunnel and translate the second 10.10.9.0/24 to some other network not yet used on the PIX, f.e. 10.10.99.0/24. The NAT configuration on the router would look like this:

crypto isakmp policy 10

hash md5

authentication pre-share

group 2

lifetime 300

!

crypto isakmp key MyKey address 2.2.2.2

!

crypto ipsec transform-set myset esp-des esp-md5-hmac

!

crypto map mymap local-address Serial0/0

crypto map mymap 10 ipsec-isakmp

set peer 2.2.2.2

set security-association lifetime seconds 180

set transform-set myset

match address 110

!

!

interface Ethernet0/0

ip address 10.10.9.1 255.255.255.0

ip nat inside

!

interface Serial0/0

ip address 1.1.1.1 255.255.255.252

crypto map mymap

ip nat outside

!

ip nat pool NATforTunnel 10.10.99.1 10.10.99.254 netmask 255.255.255.0

ip nat inside source list 110 pool NATforTunnel

!

access-list 110 remark NAT-list

access-list 110 permit ip 10.10.99.0 0.0.0.255 192.168.144.0 0.0.0.255

Extend the ACL 110 to your needs and adjust the IPSec stuff and IP addresses to your environment.

Hope this helps! Please rate all posts.

Regards, Martin

0 Helpful

UNIKAPERUGIA
Level 1
Level 1
In response to mheusinger

‎02-08-2006 07:33 AM

Perfect, can you make me an eesample on the pix side?

Thanks ;)

0 Helpful

Ranbeckycr_2
Level 1
Level 1
In response to mheusinger

‎05-24-2011 08:46 AM

mheusinger

Thanks for this post, quick question, this example is to configure the router on my location, NOT the remote location right?

0 Helpful
Customers Also Viewed These Support Documents