12-06-2010 06:31 AM
Chaps,
I have an unusual scenario whereby I require a site-to-site VPN tunnel between a version 7 Cisco PIX and a version 8 Cisco ASA which have the same IP subnet at each endpoint. Is it possible to create such a site-to-site tunnel, or will I need to change one of the remote endpoints?
Thanks
Nick
12-06-2010 07:07 AM
Hi Nicholas,
To allow the traffic to flow through the tunnel when having the same addressing scheme on both ends, you should NAT the VPN traffic.
i.e.
Site A LAN 10.1.1.0/24
Site B LAN 10.1.1.0/24
Site A config:
access-list NAT permit ip 10.1.1.0 255.255.255.0 192.168.2.0 255.255.255.0
static (in,out) 192.168.1.0 access-list NAT
access-list crypto permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
Site B config:
access-list NAT permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
static (in,out) 192.168.2.0 access-list NAT
access-list crypto permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
The idea is that Site A will be translated to 192.168.1.0 when going to Site B, and Site B will be translated to 192.168.2.0 when going to Site A.
Hope it makes sense.
Federico.
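Added example (not part of the reply above, and not Cisco code): a small Python model of one packet crossing the tunnel under the configuration in the answer, showing that the policy NAT applies only toward the peer's mapped range and that the crypto ACL matches the translated source. The host addresses .5 and .9 and all function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

REAL_LAN = ip_network("10.1.1.0/24")  # same real subnet at both sites (from the post)
SITES = {
    "A": {"mapped": ip_network("192.168.1.0/24"), "peer": ip_network("192.168.2.0/24")},
    "B": {"mapped": ip_network("192.168.2.0/24"), "peer": ip_network("192.168.1.0/24")},
}

def rebase(addr, src_net, dst_net):
    """Keep the host bits, swap the network (static net-to-net NAT)."""
    offset = int(addr) - int(src_net.network_address)
    return ip_address(int(dst_net.network_address) + offset)

def outbound(site, src, dst):
    """Egress at `site`: policy NAT, then crypto ACL check. Returns (src, dst, encrypted)."""
    s, src, dst = SITES[site], ip_address(src), ip_address(dst)
    # 'access-list NAT': translate only when the real LAN talks to the peer's mapped range
    if src in REAL_LAN and dst in s["peer"]:
        src = rebase(src, REAL_LAN, s["mapped"])
    # 'access-list crypto': matches the translated source, not 10.1.1.x
    encrypted = src in s["mapped"] and dst in s["peer"]
    return src, dst, encrypted

def inbound(site, src, dst):
    """Ingress at `site` after decryption: un-translate the mapped destination."""
    s, src, dst = SITES[site], ip_address(src), ip_address(dst)
    if dst in s["mapped"] and src in s["peer"]:
        dst = rebase(dst, s["mapped"], REAL_LAN)
    return src, dst

def walk(src_site, dst_site, src, dst):
    """Follow one packet from a host at src_site to a mapped address of dst_site."""
    s, d, enc = outbound(src_site, src, dst)
    if not enc:
        return None  # not matched by the crypto ACL: never enters the tunnel
    delivered = tuple(str(a) for a in inbound(dst_site, s, d))
    return {"on_wire": (str(s), str(d)), "delivered": delivered}

if __name__ == "__main__":
    # Constructed hosts: 10.1.1.5 at Site A reaches Site B's 10.1.1.9 via 192.168.2.9
    print(walk("A", "B", "10.1.1.5", "192.168.2.9"))
    # Addressing the peer by its real IP stays local: no NAT, no tunnel
    print(walk("A", "B", "10.1.1.5", "10.1.1.9"))
```

Hosts at each site must address the remote side by its mapped range (192.168.2.x from Site A, 192.168.1.x from Site B); traffic sent to 10.1.1.x is treated as local and never matches the crypto ACL.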