Showing results for 
Search instead for 
Did you mean: 

Configuring an IPSec Tunnel Between Router and PIX w/Duplicate LAN Subnets


As in title,

I need to make a site to site vpn between an pix and a router with duplicated subnets.

Pix as inside have a and he manages already 2 site-to-site vpn, one with another pix (that have inside and the second one with another pix (that have inside Now i need to add another one vpn site to site with cisco ios (that have "inside"

Any sugestion, egsample or link?





what you need to do is to perform NAT before the IPSec tunnel and translate the second to some other network not yet used on the PIX, f.e. The NAT configuration on the router would look like this:

crypto isakmp policy 10

hash md5

authentication pre-share

group 2

lifetime 300


crypto isakmp key MyKey address


crypto ipsec transform-set myset esp-des esp-md5-hmac


crypto map mymap local-address Serial0/0

crypto map mymap 10 ipsec-isakmp

set peer

set security-association lifetime seconds 180

set transform-set myset

match address 110



interface Ethernet0/0

ip address

ip nat inside


interface Serial0/0

ip address

crypto map mymap

ip nat outside


ip nat pool NATforTunnel netmask

ip nat inside source list 110 pool NATforTunnel


access-list 110 remark NAT-list

access-list 110 permit ip

Extend the ACL 110 to your needs and adjust the IPSec stuff and IP addresses to your environment.

Hope this helps! Please rate all posts.

Regards, Martin

Perfect, can you make me an eesample on the pix side?

Thanks ;)


Thanks for this post, quick question, this example is to configure the router on my location, NOT the remote location right?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: