Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
647
Views
5
Helpful
4
Replies

site-site vpn- same internal network on both side of the tunnel

Go to solution
pranavam_dileep
Level 1
Level 1

‎03-25-2009 02:04 AM

hi all,

I have the following questions regarding Site-Site VPN using ASA 5510 & 5505

Scenerio is

1. we have five branches & one head office

2. we want to establish vpn between branches & head office ( Site-Site VPN )

3. All the branches & head office are using the same internal network ( 192.168.150.0 255.255.255.0 )

My question is

how can I configure site-site VPN between branches & head office having same internal network ( 192.168.150.0/24)

please help me with configuration steps & explanation

I have experience on configuring site-site vpn between branches having differnet internal network ( eg: 192.168.1.0/24 & 192.168.2.0/24 )

Expecting your valuable reply

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions
4 Replies 4

Go to solution
nitinaga
Level 1
Level 1

‎03-25-2009 02:18 AM

You need to do policy natting on all your sites. eg if you take an example of main ASA and one branch router then you have to change the network to

1) on main ASA 192.168.1.0/24

2) on branch ASA 192.168.2.0/24

this will be just for traffic traversing over VPN and not the internet.

EG: On Main ASA

1) make an access-list:

access-list polnat permit ip 192.168.150.0/24 192.168.2.0/24

static (inside,outside) 192.168.1.0 access-list polnat netmask 255.255.255.0

crypto access-list:

access-list cryptoacl permit ip 192.168.1.0/24 192.168.2.0/24

Similarly on branch ASA:

access-list polnat permit ip 192.168.150.0/24 192.168.1.0/24

static (inside,outside) 192.168.2.0 access-list polnat netmask 255.255.255.0

crypto acl:

access-list permit ip 192.168.2.0/24 192.168.1.0/24

Make sure you do not configure nat exempt.

Go to solution
pranavam_dileep
Level 1
Level 1
In response to nitinaga

‎03-25-2009 02:43 AM

Dear nitinaga,

thank u very much on ur valuable reply.

can u just give me some link so that I can understand & study policy natting in vpn & also understand the above scenario so that I can get a clear picture how it is working.

regards

dileep

0 Helpful

Go to solution
pranavam_dileep
Level 1
Level 1
In response to JamesLuther

‎03-25-2009 05:52 AM

thanks a lot

regards

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents