VPN L2L Cisco-Watchguard on the same subnet

Unanswered Question
Mar 15th, 2010
User Badges:


I have a problem with a VPN Lan-to-Lan between a Cisco 850 (12.4) and a Watchguard (11.1). I need to NAT the two private addresses because, on the Watchguard side, the Cisco subnet is already used. I have no problem to create the VPN tunnel and I see it up and running on the two devices but I cannot browse the LAN.

Some informations:

LAN1 = Cisco

LAN1 private address =

LAN1 nat =

LAN1 public address = 88.40.abc.def

LAN2 = Watchguard
LAN2 private address =
LAN2 nat =
LAN2 public address = 88.57.ghi.jkl

This is the Cisco configuration for the VPN:

crypto isakmp policy 20
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key XXXXXXXXXXX address 88.57.ghi.jkl
crypto isakmp keepalive 20 5
crypto isakmp aggressive-mode disable
crypto ipsec transform-set LAN2LANSET esp-3des esp-sha-hmac
crypto map LANTOLANMAP 20 ipsec-isakmp
set peer 88.57.ghi.jkl
set transform-set LAN2LANSET
match address 120
no ip source-route
no ip gratuitous-arps
ip cef
no ip domain lookup
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
interface ATM0.1 point-to-point
ip address 88.40.abc.def
ip nat outside
ip virtual-reassembly
no snmp trap link-status
pvc 8/35
  encapsulation aal5snap
crypto map LANTOLANMAP
interface Vlan1
ip address
ip nat inside
ip virtual-reassembly
ip route ATM0.1
ip nat inside source route-map NONAT interface ATM0.1 overload
access-list 110 deny   ip
access-list 110 deny   ip
access-list 110 permit ip any
access-list 120 permit ip
route-map NONAT permit 10
match ip address 110

With this configuration I can browse the internet but NOT the VPN tunnel (because, I suppose, there is no NAT). If I add this:

ip nat inside source static network /24 no-alias

I can browse the tunnel but not the internet (because, I think, I redirect all the traffic through the tunnel). Is there a way to solve this situation? For the record, I cannot buy other hardware or change the two subnet addresses.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion