cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
431
Views
4
Helpful
4
Replies

Multiple VPN's to different company's using the same ipaddressrange

jlievens
Level 1
Level 1

Our Hospital needs many LAN to LAN VPN's to different other hospitals. Some of the other hospitals use the same private ip-range. We have ASA5510, most other hospitals have watchguard. Is it possible to solve this with natting ? Is there a way to define different natting for every tunnel ?

4 Replies 4

kaachary
Cisco Employee
Cisco Employee

Yes, you can have the subnet natted specifically for this tunnel.

You can use policy based natting for this.

Its always a good idea to do NAT on both the ends, to avoid complexity in the config.

*Please rate if this helped.

-Kanishka

Could you give me a clue on how to configure this on ASA5510 ? I've been searching in asdm and as far as I can find out, In policy natting, I can filter on interface, on ipaddress and on protocol but not on tunnel ?

Giving you an example :

Let's say the network on both the ends is 192.168.1.0/24.

On Watchgaurd they nat it to 192.168.2.0/24.

On your side, say , yu nat it to 192.168.3.0/24

The policy nat statements would be like this:

1: Create an acl for to identify traffic :

access-list policy_nat 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

Define a static NAT with policy :

static (inside,outside) 192.168.3.0 access-list policy_nat

And you crypto ACL would look like :

access-list cry_acl 192.168.3.0 255.255.255.0 192.168.2.0 255.255.255.0

You should be good to go !

*Please rate if helped.

-Kanishka

Thank you for your effort.

But my configuration is somewhat different. My subnet is 172.18.5.0/24 and I want 2 tunnels to 2 different company's that both use subnet 192.168.150.0/24.

I don't know if the watchguards at the other end can nat their source-ip to something different.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: