03-25-2009 02:04 AM
hi all,
I have the following questions regarding Site-Site VPN using ASA 5510 & 5505
Scenario is
1. we have five branches & one head office
2. we want to establish vpn between branches & head office ( Site-Site VPN )
3. All the branches & head office are using the same internal network ( 192.168.150.0 255.255.255.0 )
My question is
how can I configure site-site VPN between branches & head office having same internal network ( 192.168.150.0/24)
please help me with configuration steps & explanation
I have experience configuring site-site VPN between branches having different internal networks ( eg: 192.168.1.0/24 & 192.168.2.0/24 )
Expecting your valuable reply
03-25-2009 02:18 AM
You need to do policy natting on all your sites. E.g., if you take an example of the main ASA and one branch router, then you have to change the network to
1) on main ASA 192.168.1.0/24
2) on branch ASA 192.168.2.0/24
This will be just for traffic traversing the VPN and not the internet.
E.g., on main ASA:
1) make an access-list:
access-list polnat permit ip 192.168.150.0 255.255.255.0 192.168.2.0 255.255.255.0
static (inside,outside) 192.168.1.0 access-list polnat
crypto access-list:
access-list cryptoacl permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
Similarly on branch ASA:
access-list polnat permit ip 192.168.150.0 255.255.255.0 192.168.1.0 255.255.255.0
static (inside,outside) 192.168.2.0 access-list polnat
crypto acl:
access-list cryptoacl permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
Make sure you do not configure nat exempt.
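The two-site answer above carried through to the question's head office plus five branches, as an added example that is not part of the original posts: it generates the policy-NAT and crypto ACL lines for each ASA (pre-8.3 syntax) and shows how a host appears over the tunnel. The 192.168.n.0/24 numbering for sites 3 to 6 and the cryptoacl-<peer> ACL names are assumptions; crypto map, tunnel-group and ISAKMP lines are not generated.

```python
import ipaddress

# Real LAN used at every site, taken from the thread.
REAL_NET = ipaddress.ip_network("192.168.150.0/24")

def mapped_net(site_id):
    """Assumed plan: site n is presented over the VPN as 192.168.n.0/24."""
    return ipaddress.ip_network(f"192.168.{site_id}.0/24")

def as_seen_over_vpn(real_host, site_id):
    """Static policy NAT keeps the host bits and swaps only the network part."""
    offset = int(ipaddress.ip_address(real_host)) - int(REAL_NET.network_address)
    if not 0 <= offset < REAL_NET.num_addresses:
        raise ValueError(f"{real_host} is not inside {REAL_NET}")
    return str(mapped_net(site_id)[offset])

def net_mask(net):
    """ASA ACLs take 'address netmask', not CIDR notation."""
    return f"{net.network_address} {net.netmask}"

def check_plan(site_ids):
    """Mapped networks must be unique and must not reuse the real LAN."""
    nets = [mapped_net(s) for s in site_ids] + [REAL_NET]
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"{a} overlaps {b}")
    return True

def site_config(site_id, peer_ids):
    """Policy-NAT and crypto ACL lines for one ASA and its tunnel peers."""
    local = mapped_net(site_id)
    # One polnat ACE per peer: translate only traffic headed into a tunnel.
    lines = [f"access-list polnat permit ip {net_mask(REAL_NET)} "
             f"{net_mask(mapped_net(p))}" for p in peer_ids]
    lines.append(f"static (inside,outside) {local.network_address} "
                 "access-list polnat")
    # Crypto ACLs match post-NAT addresses; hypothetical name per peer.
    lines += [f"access-list cryptoacl-{p} permit ip {net_mask(local)} "
              f"{net_mask(mapped_net(p))}" for p in peer_ids]
    return lines

HUB, BRANCHES = 1, [2, 3, 4, 5, 6]

if __name__ == "__main__":
    check_plan([HUB] + BRANCHES)
    print("! head office\n" + "\n".join(site_config(HUB, BRANCHES)))
    for b in BRANCHES:
        print(f"! branch {b}\n" + "\n".join(site_config(b, [HUB])))
```

This covers hub-and-spoke only; branch-to-branch traffic through the head office would need additional ACL entries on every ASA.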
03-25-2009 02:43 AM
Dear nitinaga,
Thank you very much for your valuable reply.
Can you just give me some link so that I can understand & study policy natting in VPN & also understand the above scenario, so that I can get a clear picture of how it is working?
regards
dileep
03-25-2009 04:02 AM
03-25-2009 05:52 AM
thanks a lot
regards