
Multiple VPN tunnels accessing same subnet resources

dsemenjuk
Level 1

I have a hub and spoke VPN environment that looks like this.

Company A
3000 VPN Conc.
    |               NAT for
    |          <--- 10.10.10.X
    |               |
Corp HQ             | Servers
IOS VPN-------------| 10.10.10.X
    |               |
    |               |
    |
Company B
3000 VPN Conc.

There is a functioning IPSEC tunnel with Company A, for which Corp HQ is doing a NAT/PAT of the Server subnet to a Public IP address w/ overload. Along comes Company B, which needs access to the same server resources as Company A. The IPsec tunnel to Company B comes up fine, but since there is a NAT/PAT in place for Company A and since the NAT happens before encryption, traffic does not get to Company B.

What is best practice for situations like this? I am looking at DMVPN but I am not sure if this is the right approach. I need the solution to be scalable since we foresee other companies wanting access to the same servers. Thanks for any advice.

4 Replies

ehirsel
Level 6

DMVPN is a solution to ease the configuration of the VPN gateways when the IP address of the remote, or spoke, gateways is not always pre-determined, and to ease the config changes needed on the VPN gateway at the head-end (hub) when a spoke is added/changed/deleted. It is not meant to address PAT/NAT issues. I would look to it only when you control the VPN gateway on both the hub and spoke sites.

I don't believe that DMVPN will solve your problem. However, since you already have a NAT/PAT solution for Company A using public IP addresses, you should be able to use the same solution for CO B, unless CO B wants to use private IP addresses. You would define another seq number on the existing crypto map used for CO A, and the only changes you should make are the destination network/host and the remote peer address that pertain to CO B.

Let me know if you need any more help.

No, this is not feasible since Company A uses a public IP that is assigned to them. I am still looking for standard practices for enterprise VPN solutions. I guess my main dilemma is how to let and manage multiple outside vendors access to the same network resources. Any help would be greatly appreciated. Thank you.

ehirsel
Level 6

Just following up to see if your questions were answered, or if you need more help.

No, this is not feasible since Company A uses a public IP that is assigned to them. I am still looking for standard practices for enterprise VPN solutions. I guess my main dilemma is how to let and manage multiple outside vendors access to the same network resources. Any help would be greatly appreciated. Thank you.
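
The order-of-operations problem described in the original post, modelled as an added example (not part of the thread and not vendor code): NAT is applied first, then the crypto map is matched against the translated source. All addresses except 10.10.10.0/24 are constructed from documentation ranges, and the assumption that each partner's crypto ACL expects its own translated address, as well as the per-destination NAT rules shown as the alternative, are illustrative only.

```python
import ipaddress as ip

SERVERS = ip.ip_network("10.10.10.0/24")       # server subnet from the post
# Constructed values (documentation ranges), not taken from the thread.
A_NET = ip.ip_network("198.51.100.0/24")       # Company A remote network
B_NET = ip.ip_network("203.0.113.0/24")        # Company B remote network
A_PAT = ip.ip_address("192.0.2.10")            # address Company A expects
B_PAT = ip.ip_address("192.0.2.20")            # address Company B expects
ANY = ip.ip_network("0.0.0.0/0")

# Crypto map entries: (seq, peer, post-NAT source, destination).
# They match the translated source because NAT runs before encryption.
CRYPTO_MAP = [
    (10, "Company A", ip.ip_network("192.0.2.10/32"), A_NET),
    (20, "Company B", ip.ip_network("192.0.2.20/32"), B_NET),
]

# NAT rules: (inside source, destination, translated address); first match wins.
NAT_SINGLE = [(SERVERS, ANY, A_PAT)]           # one PAT for all traffic
NAT_PER_PEER = [(SERVERS, A_NET, A_PAT),       # assumed alternative:
                (SERVERS, B_NET, B_PAT)]       # translation chosen by destination


def translate(src, dst, nat_rules):
    """Apply the first NAT rule matching source and destination."""
    for inside, dest, mapped in nat_rules:
        if src in inside and dst in dest:
            return mapped
    return src


def select_tunnel(src, dst, nat_rules):
    """Return the peer whose crypto ACL matches after NAT, or None."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    natted = translate(src, dst, nat_rules)
    for _seq, peer, acl_src, acl_dst in CRYPTO_MAP:
        if natted in acl_src and dst in acl_dst:
            return peer
    return None  # no entry matches: the packet enters neither tunnel


if __name__ == "__main__":
    for name, rules in (("single PAT", NAT_SINGLE), ("per-peer NAT", NAT_PER_PEER)):
        for dst in ("198.51.100.7", "203.0.113.7"):
            print(name, dst, "->", select_tunnel("10.10.10.5", dst, rules))
```

With the single PAT rule, traffic toward Company B is translated to Company A's address and matches no crypto map entry, even though the tunnel itself is up.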