Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
352
Views
5
Helpful
2
Replies

IPSEC overlapping IP addresses

corey.burden
Level 1
Level 1

‎01-06-2016 09:38 AM - edited ‎02-21-2020 08:36 PM

Looking for any suggestions here:

I have this scenario where I'm installing IPSec.  On my end, we have 3 subnets which require access to the remote site.  The 3 subnets are all /24.  But at the remote site, the engineers are only looking for a small set of IP's to prevent overlapping.  Does anyone have any suggestions on how to provision this?  I read up about doing a NAT but I would prefer no not to NAT if possible.  The 3 subnets 3.x,  20.x, and 25.x with about 255+ users across those 3 subnets to use the VPN.

Thanks,

Corey

Labels:
0 Helpful
2 Replies 2

nspasov
Cisco Employee
Cisco Employee

‎01-06-2016 11:23 AM

NAT is your friend here and the reason that it exists today :) Is there a reason why you don't want to use NAT?

Take a look at the following links:

http://packetpushers.net/how-to-build-an-ipsec-vpn-with-cisco-asas-overlapping-address-space/

https://supportforums.cisco.com/discussion/11408881/overlapping-subnets-ipsec-vpn-between-asa-and-ios-router

Thank you for rating helpful posts!

corey.burden
Level 1
Level 1
In response to nspasov

‎01-13-2016 12:24 PM

Thanks.  Really, we want to try to minimize any changes that we are doing plus we already have double natting going on and we are trying to get that down to a single nat.

0 Helpful
Customers Also Viewed These Support Documents