Unanswered Question
Mar 19th, 2008

We are trying to establish a site-2-site VPN between 2 ASA 5520s; the remote side is out of my control. ASA-A (my side) is only performing VPN functionality, ASA-B (remote) is performing firewall and VPN functionality. The remote side's internal network must be NAT'd. There are several IP nets behind the remote. We want to NAT the remote internal nets to 1 IP address. It appears that when a device on the remote internal network initiates traffic, ASA-A (my side) drops the traffic, as it appears to be sourced from the internal IP address rather than the expected single NAT address. Based on the ACLs, the traffic is dropped. Can the traffic originating on the ASA-B remote network be translated prior to entering the VPN tunnel? If so, how is this performed?


wasiimcisco Thu, 03/20/2008 - 03:24

You are having a problem with overlapping IP addresses on the LAN. This is possible and you can configure it.

I am assuming that you have a subnet on both sides' LAN network.

For VPN you have to make a different configuration.

In VPN you will NAT one side of the VPN interesting traffic into a different subnet which will be global.

And the remote LAN will access this IP via the VPN tunnel, and then it will translate into the private IP address of LAN 2.

I am running this step, where my remote network has the same IP scheme that I am using on my LAN; I did this on a VPN concentrator, but this is possible on a firewall/ASA as well.

Please see the link mentioned below.

If you still have the problem, please let me know.
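The configuration the reply describes (translating one side's interesting traffic to a global address before it is matched by the crypto map), written out as an added example; it is not part of the original thread and is not either poster's configuration. It uses the pre-8.3 ASA NAT syntax that was current in 2008 (8.3 and later replaced `nat`/`global`/`static` with object NAT, so the NAT lines below do not apply there). All addresses, interface names, ACL names and peer IPs are placeholders, and ISAKMP phase 1 is assumed to be already configured on both boxes.

```cisco
! ===== ASA-B (remote, firewall + VPN) =====
! Placeholders: 10.10.0.0/16 and 10.20.0.0/16 are the remote internal nets,
! 172.16.0.0/24 is the LAN behind ASA-A, 192.0.2.50 is the single global
! address the remote nets are hidden behind, 203.0.113.1 is ASA-A's outside IP.

! Policy NAT: only traffic from the remote nets towards ASA-A's LAN is
! translated, everything else keeps whatever NAT the firewall already has.
access-list VPN_POLICY_NAT extended permit ip 10.10.0.0 255.255.0.0 172.16.0.0 255.255.255.0
access-list VPN_POLICY_NAT extended permit ip 10.20.0.0 255.255.0.0 172.16.0.0 255.255.255.0
nat (inside) 2 access-list VPN_POLICY_NAT
global (outside) 2 192.0.2.50

! On the ASA, NAT is applied before the packet is matched against the crypto
! map, so the crypto ACL must name the TRANSLATED source. This ACL is also the
! proxy identity ASA-A will see in phase 2.
access-list VPN_TO_ASA_A extended permit ip host 192.0.2.50 172.16.0.0 255.255.255.0

crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address VPN_TO_ASA_A
crypto map OUTSIDE_MAP 10 set peer 203.0.113.1
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP interface outside

! ===== ASA-A (local, VPN only) =====
! Placeholder: 198.51.100.1 is ASA-B's outside IP.
! The crypto ACL is the mirror image of ASA-B's: it expects the single
! translated host, never the 10.x.x.x addresses. If this side lists the real
! remote subnets instead, phase 2 proxy IDs will not match and traffic is dropped.
access-list VPN_FROM_ASA_B extended permit ip 172.16.0.0 255.255.255.0 host 192.0.2.50

crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address VPN_FROM_ASA_B
crypto map OUTSIDE_MAP 10 set peer 198.51.100.1
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP interface outside

! ===== Verification (either side) =====
! Negotiated proxy identities: "local ident" / "remote ident" should show
! 192.0.2.50/32 <-> 172.16.0.0/24, not the remote internal nets.
show crypto ipsec sa
! On ASA-B, trace a flow from a remote host to confirm the NAT phase picks the
! policy PAT and the packet is then encrypted (VPN phase), not dropped by an ACL.
packet-tracer input inside tcp 10.10.1.5 1025 172.16.0.10 445
```

Two caveats a practitioner will want to check on ASA-B before blaming the peer: a `nat (inside) 0 access-list ...` exemption takes precedence over policy NAT, so if the existing no-NAT ACL already covers traffic to 172.16.0.0/24 the translation never happens and the untranslated 10.x source reaches the crypto map (which is exactly the symptom the question describes); and because this is a dynamic PAT, only sessions initiated from the remote nets will work, since ASA-A has no way to address an individual remote host behind 192.0.2.50.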

