Site to Site VPN same network

Unanswered Question

I have an ASA5520 running 8.0.4. I need to create a tunnel with a vendor using the same internal network as we are. They are unable to NAT on their side. I would like both sides to be able to bring up the tunnel. They are using 10.2.x.x/16 as their internal network, as are we. The interesting traffic on my side would come from the nodes and How do I configure my side of the tunnel to get this to work?



ggilbert Thu, 09/17/2009 - 08:57
User Badges: Cisco Employee

Hello Keith,

I read through your question and it seems like your side will need to encrypt only and hosts to the remote peer 10.2.x.x/16

So, you should be able to bring up the tunnel and pass traffic without any issues.

If they have the same network 10.0.194.x on their end as well, then you can do something called policy NAT.

Please look at the link given below:


In the above example, the network on PIX-A side is getting policy NAT to when the traffic is meant to go for network.


access-list policy-nat extended permit ip

static (inside,outside) access-list policy-nat


Hope this helps.
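
The policy NAT pattern the reply describes, written out as an added example for pre-8.3 ASA syntax; it is not part of the original reply or the linked Cisco document. All addresses, the `vpn-traffic` ACL name, and the crypto map name and sequence number are constructed placeholders, and the peer is assumed to be reachable at a range that does not overlap the local one.

```cisco
! Constructed addresses (not taken from the thread):
!   real local subnet          10.2.10.0/24
!   mapped subnet (peer view)  192.168.110.0/24
!   peer subnet                192.168.120.0/24
!
! 1. Policy-NAT ACL: match local traffic only when it is destined
!    for the peer subnet, so all other traffic keeps its real address.
access-list policy-nat extended permit ip 10.2.10.0 255.255.255.0 192.168.120.0 255.255.255.0
!
! 2. Policy static: present 10.2.10.0/24 as 192.168.110.0/24 for the
!    traffic matched above. A static translation is bidirectional, so
!    the peer can also initiate toward the mapped addresses.
static (inside,outside) 192.168.110.0 access-list policy-nat
!
! 3. Crypto ACL: the ASA translates before it encrypts, so the
!    interesting-traffic ACL must match the mapped source, not the
!    real one. The peer's crypto ACL must be the exact mirror of this.
access-list vpn-traffic extended permit ip 192.168.110.0 255.255.255.0 192.168.120.0 255.255.255.0
!
! 4. Attach the crypto ACL to the tunnel's crypto map entry
!    (placeholder map name and sequence number).
crypto map outside_map 20 match address vpn-traffic
```

Keeping both ACLs as narrow as the hosts that actually need the tunnel limits what the vendor side can reach; `show xlate` and `show crypto ipsec sa` confirm that the translation and the security association use the mapped range.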



