03-31-2004 09:57 AM
I need to create a site-2-site VPN with a new vendor. Both sites are using the 10.x.x.x network addressing scheme. The problem is that the IP address on our network (ex 10.1.2.3) is already being used on the vendor's network. They suggest that I translate my 10.1.2.3 to something like 10.1.22.33 for them.
How can I go about accomplishing this? My PIX is already configured for remote access VPN - not site-to-site as of yet.
Thanks for any pointers.
04-06-2004 12:30 PM
You can use bi-directional translation to make the two private LANs with overlapping address space communicate over the IPSec tunnel. The configuration is as shown in the document at http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949f1.shtml.
05-03-2004 10:42 AM
Well, I'm back on this since I have to go back to the overlapping address. All is currently working - now I just have to change the IP to one that is already being used.
I have looked at the article and it appears to show me what I need to do; however, I don't fully understand the comment in the config example that says:
"Static translation defined Private_LAN1 from 192.168.4.0/24 to 20.1.1.0/24
Note that this translation will be used for both VPN and Internet traffic from Private_LAN1. So a routable global IP address range, or an extra NAT at the ISP router (in front of the PIX), will be required if Private_LAN1 also needs internal access."
My internal address being translated definitely needs access to the internet and is also used by the remote VPN connections.
Can anyone help me see things a little clearer?