Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
2220
Views
0
Helpful
6
Replies

VPN between two sites using same subnet

dsr_deep1
Level 1
Level 1

ā€Ž05-31-2013 05:53 AM - edited ā€Ž03-11-2019 06:51 PM

Hi there,

I am kind of new to firewalls,  someone plz help, lets say my main office and branch office  has same ip subnet ranges and i came to know that ipsec doesnot  work in that situation. what am i supposed to do to make it work. do i have to configure some kind of  natting or ?????? is there any alternative, plz kindly help.

Labels:
0 Helpful
6 Replies 6

Jouni Forss
VIP Alumni
VIP Alumni

ā€Ž05-31-2013 05:57 AM

Hi,

Both sites should do NAT to their local networks before forwarding traffic to the L2L VPN between the sites.

Otherwise the traffic simply wont be forwarded correctly.

Configurations naturally depends on the devices and the software running on them.

- Jouni

0 Helpful

dsr_deep1
Level 1
Level 1
In response to Jouni Forss

ā€Ž05-31-2013 06:11 AM

Thanks for your quick reply. if am not worng we basically we use nat 0 with vpns to avoid packets being  send to some other destination. am kind of confused now, what happens if we enable netting in this situation. lets say we have 172.168.4.0 subnet on both sites and we are using ASA 5520. if possible plz provide me some url link where this situation and configuration is explained properly, tried over internet but couldn't find good explanation.THNX

0 Helpful

Jouni Forss
VIP Alumni
VIP Alumni
In response to dsr_deep1

ā€Ž05-31-2013 06:14 AM

Hi,

Here is one

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b37d0b.shtml

It basicly gives you a configuration example with 2 ASA which have the same LAN networks.

Its does a Static Policy NAT on both sides and NATs the local network to some other similiar equal size network.

- Jouni

0 Helpful

dsr_deep1
Level 1
Level 1
In response to Jouni Forss

ā€Ž05-31-2013 06:23 AM

THNX

0 Helpful

Jouni Forss
VIP Alumni
VIP Alumni
In response to dsr_deep1

ā€Ž05-31-2013 06:25 AM

Hi,

Remember to mark the reply as the correct answer if it answered your question.

Naturally if you need some help then ask away.

- Jouni

0 Helpful

Karsten Iwen
VIP
VIP

ā€Ž05-31-2013 05:59 AM

And never forget the better solution if one site is really a more small branch-office: If you renumber the IP-addressing in that office you won't have this ongoing pain that double-NAT causes.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card