cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
203
Views
0
Helpful
2
Replies
Highlighted
Beginner

Multiple VPN endpoints with bi-directional NAT

I have a customer who wants to migrate between offices within the same city slowly across a couple of weeks.  They want to have the same subnet in two locations without actually forwarding L2 traffic across the internet.  I suggested we setup a bi-directional NAT scenario.  I know it will be some effort, but I believe I can set that up.

The scenario is Site A and Site B both are in the same city.  Site A will have a VPN tunnel to Site B with ASAs on both sides of the tunnel, and both sites will have a subnet of 10.10.10.0/24.  I plan on configuring NAT to trick that into working.  Now, we have Site C in another city that needs to talk to 10.10.10.0/24 - and that VPN is currently working from Site C to Site B.  They want to have VPN traffic initiated from  Site C through Site B to Site A.

 I don't believe that can be done without passing L2 info across the internet.  I don't think the bi-directional NAT can be processed successfully for the VPN tunnel.

 

Anyone have any thoughts?

2 REPLIES 2
Highlighted
Participant

Hello, wade. 

If you have an 8.3 software version of your ASA, then NAT configuration is possible as per:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/nat_static.html#wp1080960

What is the model and software version of your ASA? 

Let me know if you have additional concerns or e-mail (adawa@cisco.com) me directly. Kind regards. 

Highlighted

Hi Wade,

Do you already have VPN devices for this? If so, what devices are you currently using? I suggest using SLL connection to connect your branch office to your main office. You can look at Cisco ASA 5500-X series for this project. This will also provide you next generation firewall services and other security features.

Hope this helps!