cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
760
Views
0
Helpful
4
Replies

Remote SSL VPV Overlapping

RexPr
Level 1
Level 1

I've configured a remote SSL VPN on Cisco ASA (9.2).
The local network is 192.168.1.0/24. The server I want to reach is 192.168.1.5. The VPN IP pools are on 192.168.40.0/24 network.
On the remote site, I've one ADSL connection with internal IP 192.168.1.0/24, so I've overlapping my local network and I cannot change remote IP.


Immagine.pngI've seen some example for NAT in order to avoid overlap, but all for site-to-site VPN, and I'm not confident how to do with remote VPN client.

Can I have one help?

Thanks,
Fabrizio

 

 

Fabrizio www.rfc.it
4 Replies 4

Jerome BERTHIER
Level 1
Level 1

Hi

 

Is it the only server that you need to reach over the VPN ?

 

If yes, you might try to inject a route 192.168.1.5/32 into the split tunneling.

It will be more precise than the connected route of your local network behind the ADSL connection. So, the laptop should prefer this route over the VPN interface.

 

If not, NAT is the answer but I never tried.

 

 

Regards

 

Jérôme

>>> If yes, you might try to inject a route 192.168.1.5/32 into the split tunneling.

No is not the only server, so I'm looking for  nat suggestion

 

>>> push a default route out to the client that routes all across the clients VPN interface in the 192.168.40.x range

If I put 192.168.40.x as default route I have to remove split tunnel and move remote traffic through ASA, not a good solution for my purpose.

 

Thanks,

Fabrizio

Fabrizio www.rfc.it

NAT option is straight forward, just configure static nat in,out and
include the natted subnet in your split tunneling ACL (not the original
subnet).

But the overlap shouldn't be a problem unless you have local lan access
enabled. By default this option is controllable by user. Once you turn it
off, if LAN traffic overlaps with split-acl the traffic will go over
tunnel.

Dennis Mink
VIP Alumni
VIP Alumni

push a default route out to the client that routes all across the clients VPN interface in the 192.168.40.x range.

Please remember to rate useful posts, by clicking on the stars below.