
Multiple VPN endpoints with bi-directional NAT

wade
Level 1

I have a customer who wants to migrate between offices within the same city slowly across a couple of weeks. They want to have the same subnet in two locations without actually forwarding L2 traffic across the internet. I suggested we set up a bi-directional NAT scenario. I know it will be some effort, but I believe I can set that up.

The scenario is Site A and Site B both are in the same city. Site A will have a VPN tunnel to Site B with ASAs on both sides of the tunnel, and both sites will have a subnet of 10.10.10.0/24. I plan on configuring NAT to trick that into working. Now, we have Site C in another city that needs to talk to 10.10.10.0/24 - and that VPN is currently working from Site C to Site B. They want to have VPN traffic initiated from Site C through Site B to Site A.

I don't believe that can be done without passing L2 info across the internet. I don't think the bi-directional NAT can be processed successfully for the VPN tunnel.

Anyone have any thoughts?

2 Replies

adawa
Level 3

Hello, wade. 

If you have an 8.3 software version of your ASA, then NAT configuration is possible as per:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/nat_static.html#wp1080960

What is the model and software version of your ASA? 

Let me know if you have additional concerns, or e-mail me directly (adawa@cisco.com). Kind regards.

Hi Wade,

Do you already have VPN devices for this? If so, what devices are you currently using? I suggest using an SSL connection to connect your branch office to your main office. You can look at the Cisco ASA 5500-X series for this project. This will also provide you with next-generation firewall services and other security features.

Hope this helps!

 
