Lan-to-LAN VPN tunnel is not coming

Unanswered Question
Mar 13th, 2008

I'm trying to create a LAN-to-LAN VPN tunnel between our Headquarters and a branch office. We have a same IP network for both the Head quaters and the branch office. The tunnel is not coming and it's showing There are no isakmp sas. What am I missing out? Do I have to use different IP networks at the Branch office to the IP Network at the Headquarters.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Herbert Baerten Fri, 03/14/2008 - 05:13

You can use the same ip network but it complicates things, you would need to apply double NAT (i.e. translate both source and destination addresses).

Personally I would recommend to use different IP ranges if at all possible, it will make life so much easier.

bericaleb Fri, 03/14/2008 - 18:57

If I have to use different IP Network for the branch offices, will this option make it possible for our servers, e.g DNS servers to talk to the DNS servers at our head quarters?

bericaleb Sun, 03/16/2008 - 00:32

Thanks for the reply.

Would you have something similar to configuring vpn with overlaping IP address between ASA5510 v7.0 and PIX 515E ver 6.4

bericaleb Fri, 03/14/2008 - 20:04


pls help me as now I'm really confused how I should apply double NAT. I have a diagram attached here for my kind of setup.

I do appreciate your help.

mvsheik123 Mon, 03/17/2008 - 10:27


1. As your Firewall/ASA outside interface showing pvt. IP (from diagram) are you using NAT on the rtr connecting outside of the ASA..?

2. You are using Pvt. IP scheme, but Iam not what exactly you mean by same IP address space on bth ends.

3. If you clearly explain exact scenarios and post the clean configs of ASA, someone will definitely be able to help you.




This Discussion