VPNs on ASA going to same destination networks using NAT

srue
Level 7

I haven't been able to get into the lab to test this yet but was wondering if someone here had a quick answer.

The situation is a customer needs to use an ASA device to set up two L2L VPNs. The problem is that at each remote end they have an overlapping address that the ASA side needs to connect to. It's not possible for the remote sides to either NAT this address or change it. I know I can set up outside to inside NAT in this situation, but I've never tried it with two overlapping addresses on the remote end. Or if someone else has a better solution, please let me know.

If you need more clarification, please let me know.

Thanks....

1 Reply

mattiaseriksson
Level 3

I don't think it is possible. The problem is that you would need to NAT between the ASA and the remote endpoints before it hits the box, because the order of operation from outside to inside is IPSec first, then NAT.

At least in PIX and IOS this would be impossible, but I am not so familiar with the ASA so I could be wrong.

If the remote networks were overlapping it would not be any problem though.
