design network/ASA to handle large number of L2L VPN

AirSail
Level 1

Hello Sec Gurus,

I have an ASA that handles a lot of VPN L2L terminations, and recently we noticed that we started facing the duplicate remote subnets issue, and sometimes customers don't know how to do advanced NAT from their end. I know I can do Twice NAT, etc., but still, I have to pull working customers and ask them to perform a change for their destination subnet.

The number of terminations is quite large, and we can't handle the issues (more specifically the duplicate remote subnets) anymore.

We are planning to put in a set of new ASA firewalls (the one we have is about to die/EOLS), and before jumping right to new gear, I want to make sure I have a solid design that manages remote subnet conflicts, etc.

I really need your help to come up with a solid design. If there is any article that talks about large VPN concentrator designs, please point me to it.

1 Reply

balaji.bandi
Hall of Fame

Best practice: when building each VPN, we ask for a VPN form so that both sides agree the config matches.

If the form shows an overlapping range, you reserve an IP address range beforehand and NAT the overlapping addresses to fix the issue.

This has been followed for many years and works for us.

BB
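The process in the reply (check each new peer's proposed remote subnet against what is already reachable from our side, and if it collides, carve a block of the same size out of a range reserved in advance for the overlap NAT) as a small Python helper. This is an added example, not code from the thread or from Cisco; the 100.64.0.0/16 reserved pool and the customer tunnels are constructed assumptions. The mapped block it hands back is the range you would use as the translated destination in that tunnel's twice NAT on the ASA.

```python
"""Overlap check and reserved-range allocation for L2L VPN remote subnets."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network

# Constructed assumption: a pool set aside on our side purely for translating
# overlapping remote subnets (the "reserve IP addresses beforehand" step).
RESERVED_POOL = ip_network("100.64.0.0/16")


@dataclass
class Tunnel:
    name: str
    real_remote: IPv4Network    # what the customer really uses behind their peer
    mapped_remote: IPv4Network  # what our inside hosts see; same as real when no NAT

    @property
    def needs_nat(self) -> bool:
        return self.real_remote != self.mapped_remote


def find_conflicts(candidate, tunnels):
    """Tunnels whose address space, as seen from our side, overlaps the candidate."""
    return [t for t in tunnels if t.mapped_remote.overlaps(candidate)]


def allocate_mapped(candidate, tunnels, pool=RESERVED_POOL):
    """First block of the candidate's size in the pool not already visible on our side."""
    if candidate.prefixlen < pool.prefixlen:
        raise ValueError(f"{candidate} is larger than reserved pool {pool}")
    for block in pool.subnets(new_prefix=candidate.prefixlen):
        if not find_conflicts(block, tunnels):
            return block
    raise RuntimeError(f"reserved pool {pool} exhausted for a /{candidate.prefixlen}")


def onboard(name, remote_cidr, tunnels, pool=RESERVED_POOL):
    """Register a new L2L peer; translate its remote subnet only if it collides."""
    real = ip_network(remote_cidr, strict=True)
    mapped = allocate_mapped(real, tunnels, pool) if find_conflicts(real, tunnels) else real
    tunnel = Tunnel(name, real, mapped)
    tunnels.append(tunnel)
    return tunnel


if __name__ == "__main__":
    inventory = []
    # Constructed sample: two customers both using 10.10.0.0/24 behind their peers.
    for peer, cidr in [("cust-a", "10.10.0.0/24"), ("cust-b", "10.10.0.0/24")]:
        t = onboard(peer, cidr, inventory)
        print(f"{t.name}: real {t.real_remote} -> mapped {t.mapped_remote} (NAT: {t.needs_nat})")
```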
