I am kind of new to firewalls; someone please help. Let's say my main office and branch office have the same IP subnet ranges, and I came to know that IPsec does not work in that situation. What am I supposed to do to make it work? Do I have to configure some kind of NATting, or is there any alternative? Please kindly help.
Both sites should do NAT to their local networks before forwarding traffic to the L2L VPN between the sites.
Otherwise the traffic simply won't be forwarded correctly.
Configurations naturally depend on the devices and the software running on them.
Thanks for your quick reply. If I am not wrong, we basically use nat 0 with VPNs to avoid packets being sent to some other destination. I am kind of confused now: what happens if we enable NATting in this situation? Let's say we have the 220.127.116.11 subnet on both sites and we are using an ASA 5520. If possible, please provide me some URL link where this situation and configuration is explained properly; I tried over the internet but couldn't find a good explanation. Thanks.
Here is one
It basically gives you a configuration example with 2 ASAs which have the same LAN networks.
It does a Static Policy NAT on both sides and NATs the local network to some other similar equal-size network.
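The double NAT described in the replies above, modelled as an added example that is not part of the original posts and is not ASA configuration. The 192.168.x.0/24 networks and the function names are constructed assumptions; the model traces one packet to show which addresses appear on the LAN, inside the tunnel, and at delivery.

```python
"""Model of double static policy NAT between two sites with the same LAN."""
from ipaddress import ip_address, ip_network

# Constructed sample addressing (assumptions, not taken from the thread).
REAL_LAN = ip_network("192.168.1.0/24")          # identical on both sites
MAPPED = {"A": ip_network("192.168.2.0/24"),     # how site A appears to B
          "B": ip_network("192.168.3.0/24")}     # how site B appears to A


def remap(addr, src_net, dst_net):
    """1:1 network NAT: swap the network prefix, keep the host bits."""
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("static network NAT needs equal-size networks")
    addr = ip_address(addr)
    if addr not in src_net:
        raise ValueError(f"{addr} is not in {src_net}")
    offset = int(addr) - int(src_net.network_address)
    return ip_address(int(dst_net.network_address) + offset)


def reaches_gateway(dst):
    """A host only hands a packet to its firewall if dst is off-link."""
    return ip_address(dst) not in REAL_LAN


def send(src_site, src_real, dst_real):
    """Trace one packet to the peer site; return (src, dst) at each stage."""
    dst_site = "B" if src_site == "A" else "A"
    # The sender has to address the peer by its mapped address.
    dst_mapped = remap(dst_real, REAL_LAN, MAPPED[dst_site])
    if not reaches_gateway(dst_mapped):
        raise RuntimeError("destination is on-link; packet never reaches the VPN")
    on_lan = (ip_address(src_real), dst_mapped)
    # Local firewall: policy NAT rewrites the source before encryption.
    in_tunnel = (remap(src_real, REAL_LAN, MAPPED[src_site]), dst_mapped)
    # The interesting-traffic ACL must be written for the mapped networks.
    if in_tunnel[0] not in MAPPED[src_site] or in_tunnel[1] not in MAPPED[dst_site]:
        raise RuntimeError("traffic would not match the crypto ACL")
    # Remote firewall: its own static NAT un-translates the destination.
    delivered = (in_tunnel[0], remap(dst_mapped, MAPPED[dst_site], REAL_LAN))
    return {"lan": on_lan, "tunnel": in_tunnel, "delivered": delivered}
```

Neither real 192.168.1.x address ever appears inside the tunnel, and `reaches_gateway` returns False for the peer's real address, which is why the un-NATed setup never forwards the traffic.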
And never forget the better solution if one site is really a smaller branch office: if you renumber the IP addressing in that office, you won't have this ongoing pain that double NAT causes.