Lan-to-LAN VPN tunnel is not coming

Unanswered Question
Mar 13th, 2008
User Badges:

I'm trying to create a LAN-to-LAN VPN tunnel between our Headquarters and a branch office. We have a same IP network for both the Head quaters and the branch office. The tunnel is not coming and it's showing There are no isakmp sas. What am I missing out? Do I have to use different IP networks at the Branch office to the IP Network at the Headquarters.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Herbert Baerten Fri, 03/14/2008 - 05:13
User Badges:
  • Cisco Employee,

You can use the same ip network but it complicates things, you would need to apply double NAT (i.e. translate both source and destination addresses).

Personally I would recommend to use different IP ranges if at all possible, it will make life so much easier.

bericaleb Fri, 03/14/2008 - 18:57
User Badges:

If I have to use different IP Network for the branch offices, will this option make it possible for our servers, e.g DNS servers to talk to the DNS servers at our head quarters?

bericaleb Sun, 03/16/2008 - 00:32
User Badges:

Thanks for the reply.

Would you have something similar to configuring vpn with overlaping IP address between ASA5510 v7.0 and PIX 515E ver 6.4

bericaleb Fri, 03/14/2008 - 20:04
User Badges:


pls help me as now I'm really confused how I should apply double NAT. I have a diagram attached here for my kind of setup.

I do appreciate your help.

bericaleb Sun, 03/16/2008 - 16:50
User Badges:

pls help me with my query. I have the diagram attached.

mvsheik123 Mon, 03/17/2008 - 10:27
User Badges:
  • Gold, 750 points or more


1. As your Firewall/ASA outside interface showing pvt. IP (from diagram) are you using NAT on the rtr connecting outside of the ASA..?

2. You are using Pvt. IP scheme, but Iam not what exactly you mean by same IP address space on bth ends.

3. If you clearly explain exact scenarios and post the clean configs of ASA, someone will definitely be able to help you.




This Discussion