Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
243
Views
5
Helpful
1
Replies

Client subnet overlapping through vpn- Destination nat

amitmarathe
Level 1
Level 1

‎10-09-2009 05:47 AM

Hi,

Following is the scenerio:

Company A(172.16.1.0/24) > Company B(192.168.1.1/24)

Company A(172.16.1.0/24) > Company C(192.168.1.1/24

Need to establish VPN between A>B and A>C.

Is the destination nat is possible?

Is any other way to work on this case?

A only.

Note : We need to do changes on Company.

Please revert even though it is not possible. Appreciate your efforts.

Labels:
0 Helpful
1 Reply 1

auraza
Cisco Employee
Cisco Employee

‎10-09-2009 05:58 AM

If you only need to get from Comp B and C to A, and not between each other, then you would need to NAT on the Company B device, and then encrypt the NAT'd traffic.

access-list BtoA_nat permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0

static (i,o) 192.168.10.0 access-list BtoA_nat

access-list crypto_BtoA permit ip 192.168.10.0 255.255.255.0 172.16.1.0 255.255.255.0

Reference the access-list above in your crypto map.

On site A, your ACL would be:

access-list crypto_AtoB permit ip 172.16.1.0 255.255.255.0 192.168.10.0 255.255.255.0

PS. If this post was helpful, please rate it.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents