Re: Site to Multiple Site VPN Cisco ASA5515

gianmaria.vanosi@mobilcom.it · ‎11-07-2018

Hi all,

I have some issues configuring my ASA5515 for a multiple Site VPN.

I need to connect simoultaneously my ASA to different remote sites that have IP in the same subnet.(e.g. 192.168.6.10,20,30,40)

How could I configure ASA to perform this??

This is the configuration i need:

Local site: CISCO ASA5515

LAN: 192.168.1.0/24

Remote site 1: TELTONIKA 3G Modem

IP: 192.168.6.10/?

Remote Site 2: TELTONIKA 3G Modem

LAN: 192.168.6.20/?

Remote Site 3: TELTONIKA 3G Modem

LAN: 192.168.6.30/?

Remote Site n: " " " "

Thanks

Gianmaria

David Castro F. · ‎11-08-2018

Hello Gianmaría,

I hope you are doing great,

The easiest thing would be that the other side (the branches), cofigure a Manual NAT NATing theirs subnets or hosts when they are destined to 192.168.1.0/24.

For example:

Remote site 1: TELTONIKA 3G Modem

IP: 192.168.6.10/?

nat (inside,outside) source static obj-192.168.6.0 obj-192.168.111.0 destination static obj-192.168.1.0 obj-192.168.1.0 no-proxy-arp route-lookup

Remote Site 2: TELTONIKA 3G Modem

LAN: 192.168.6.20/?

nat (inside,outside) source static obj-192.168.6.0 obj-192.168.112.0 destination static obj-192.168.1.0 obj-192.168.1.0

Remote Site 3: TELTONIKA 3G Modem

LAN: 192.168.6.30/?

nat (inside,outside) source static obj-192.168.6.0 obj-192.168.113.0 destination static obj-192.168.1.0 obj-192.168.1.0

On the ACL of the interesting traffic, now you are coming from the 192.168.1.0/24 to 192.168.11#.0/24 where # is the Remote site's number.

If you NAT this locally it would try to get the NATed IP on the other side and there isnt a NAT IP on the other side, so you would require the other side to do it, or you will need to create multiple contexts on the ASA and overcomplicate your scenario.

Keep me posted,

Please mark the answer as answered and rate the helpful answers!

Regards,

David Castro,