site-site vpn - same internal network on both sides of the tunnel

Mar 25th, 2009

hi all,

I have the following questions regarding Site-Site VPN using ASA 5510 & 5505

Scenario is

1. we have five branches & one head office

2. we want to establish vpn between branches & head office ( Site-Site VPN )

3. All the branches & head office are using the same internal network ( )

My question is

how can I configure site-site VPN between branches & head office having same internal network (

please help me with configuration steps & explanation

I have experience in configuring site-site vpn between branches having different internal networks ( eg: & )

Expecting your valuable reply

Overall Rating: 5 (2 ratings)
nitinaga Wed, 03/25/2009 - 02:18

You need to do policy natting on all your sites. E.g., if you take an example of main ASA and one branch router, then you have to change the network to

1) on main ASA

2) on branch ASA

this will be just for traffic traversing over VPN and not the internet.

EG: On Main ASA

1) make an access-list:

access-list polnat permit ip

static (inside,outside) access-list polnat netmask

crypto access-list:

access-list cryptoacl permit ip

Similarly on branch ASA:

access-list polnat permit ip

static (inside,outside) access-list polnat netmask

crypto acl:

access-list permit ip

Make sure you do not configure nat exempt.
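
The address plan behind the policy NAT described in the answer above, as an added example that is not part of the original thread: every subnet is constructed (the thread's addresses are not shown) and the function names are hypothetical. It checks that each site's translated range is unique and shows which addresses the policy-NAT ACL and the crypto ACL have to match for one tunnel.

```python
import ipaddress

# Constructed plan (assumption): every site uses the same real LAN,
# and each site is given its own translated range for VPN traffic only.
REAL_LAN = "192.168.1.0/24"
MAPPED = {"hq": "10.0.0.0/24", "branch1": "10.0.1.0/24", "branch2": "10.0.2.0/24"}

def validate_plan(real, mapped):
    """Return the problems that would make the translated ranges ambiguous."""
    real_net = ipaddress.ip_network(real)
    nets = {site: ipaddress.ip_network(n) for site, n in mapped.items()}
    sites = sorted(nets)
    problems = []
    for i, a in enumerate(sites):
        if nets[a].prefixlen != real_net.prefixlen:
            problems.append(f"{a}: mapped prefix length differs from real LAN")
        if nets[a].overlaps(real_net):
            problems.append(f"{a}: mapped range overlaps the real LAN")
        for b in sites[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a}/{b}: mapped ranges overlap")
    return problems

def to_mapped(site, real_ip, real=REAL_LAN, mapped=MAPPED):
    """1:1 network translation: keep the host bits, swap the network bits."""
    real_net = ipaddress.ip_network(real)
    ip = ipaddress.ip_address(real_ip)
    if ip not in real_net:
        raise ValueError(f"{real_ip} is not in {real}")
    offset = int(ip) - int(real_net.network_address)
    base = ipaddress.ip_network(mapped[site]).network_address
    return str(base + offset)

def tunnel_selectors(local, remote, real=REAL_LAN, mapped=MAPPED):
    """(source, destination) pairs each ACL on `local` must match for one peer."""
    return {
        # Policy NAT sees the packet before translation: real source,
        # destination is the peer's translated range.
        "policy_nat_acl": (real, mapped[remote]),
        # The crypto ACL sees it after translation: both ends translated.
        "crypto_acl": (mapped[local], mapped[remote]),
    }

if __name__ == "__main__":
    print(validate_plan(REAL_LAN, MAPPED))
    print(to_mapped("branch1", "192.168.1.25"))
    print(tunnel_selectors("hq", "branch1"))
```

A host at the head office reaches the branch host 192.168.1.25 by its translated address, 10.0.1.25 in this constructed plan.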

pranavam_dileep Wed, 03/25/2009 - 02:43

Dear nitinaga,

Thank you very much for your valuable reply.

Can you just give me some link so that I can understand & study policy natting in vpn & also understand the above scenario, so that I can get a clear picture of how it is working?



