Solved: Two remote subnets with same network address

Jernej Vodopivec · ‎08-26-2016

Hi,

we have configured on ASA site-to-site VPN to remote network 192.168.1.0/24.

New requirement is to configure new (additional) site-to-site VPN tunnel that has also remote network 192.168.1.0/24.

Will this work "out-of-the-box" with ASA - will ASA know where to send traffic based on destination AND source IP address?

Or this won't work and we'll have to use dual NAT to establish new tunnel?

tnx

Pawan Raut · ‎08-26-2016

This may possible with below two condition.

1) Both VPN should be on same interface like outside interface of ASA

2) Your end encryption IP address should be different for both VPN.

Like VPN for Customer A --> access-list VPN-A-Client permit ip host 10.1.1.1 192.168.1.0 255.255.255.0

VPN for Customer B --> access-list VPN-B-Client permit ip host 10.1.1.2 192.168.1.0 255.255.255.0

Pawan Raut · ‎08-26-2016

This may possible with below two condition.

1) Both VPN should be on same interface like outside interface of ASA

2) Your end encryption IP address should be different for both VPN.

Like VPN for Customer A --> access-list VPN-A-Client permit ip host 10.1.1.1 192.168.1.0 255.255.255.0

VPN for Customer B --> access-list VPN-B-Client permit ip host 10.1.1.2 192.168.1.0 255.255.255.0

Jernej Vodopivec · ‎08-26-2016

Thank you!