Site-to-site VPN ???

Federico Coto F... Thu, 09/09/2010 - 22:20

Yes, there's a possibility of overlap because 192.168.0.0/16 contains the other subnet.

I recommend you do NAT for the VPN traffic.


If both sides have ASAs it is really easy; if they have routers it can be done as well.


Federico.

Federico Coto F... Fri, 09/10/2010 - 10:32

Not sure about an example on the web, but I'll show you here:


Site A 192.168.0.0/16 --> NAT to 10.1.0.0/16

Site B 192.168.1.0/24 --> NAT to 172.16.1.0/24


To NAT and communicate between both sides, you do the following:


Site A:

access-list NAT permit ip 192.168.0.0 255.255.0.0 172.16.1.0 255.255.255.0

static (inside,outside) 10.1.0.0 access-list NAT


access-list VPN permit ip 10.1.0.0 255.255.0.0 172.16.1.0 255.255.255.0


Site B:

access-list NAT permit ip 192.168.1.0 255.255.255.0 10.1.0.0 255.255.0.0

static (inside,outside) 172.16.1.0 access-list NAT


access-list VPN permit ip 172.16.1.0 255.255.255.0 10.1.0.0 255.255.0.0


Hope it helps.


Federico.
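
Added example (not part of the post above and not Cisco's own code): a Python check of that addressing plan, confirming that the real LANs overlap, that the translated ranges collide with neither side, and which address a peer uses to reach a given host. The function names are hypothetical, and the unchanged host part is an assumption about how the network-to-network static translates.

```python
import ipaddress

# Addressing plan from the post above: real LAN -> range it is translated to over the VPN.
PLAN = {
    "Site A": ("192.168.0.0/16", "10.1.0.0/16"),
    "Site B": ("192.168.1.0/24", "172.16.1.0/24"),
}

def parse(plan):
    return {site: (ipaddress.ip_network(real), ipaddress.ip_network(mapped))
            for site, (real, mapped) in plan.items()}

def real_overlaps(plan):
    """Pairs of sites whose real LANs overlap, i.e. why NAT is needed at all."""
    nets = parse(plan)
    sites = sorted(nets)
    return [(a, b) for i, a in enumerate(sites) for b in sites[i + 1:]
            if nets[a][0].overlaps(nets[b][0])]

def plan_problems(plan):
    """Reasons the translated ranges would still leave the tunnel ambiguous."""
    nets = parse(plan)
    problems = []
    for site, (real, mapped) in nets.items():
        if real.prefixlen != mapped.prefixlen:
            problems.append(f"{site}: {real} -> {mapped} is not a same-size mapping")
        for other, (o_real, o_mapped) in nets.items():
            if mapped.overlaps(o_real):
                problems.append(f"{site}: {mapped} overlaps real LAN {o_real} ({other})")
            if site < other and mapped.overlaps(o_mapped):
                problems.append(f"{site}/{other}: translated ranges overlap")
    return problems

def translate(plan, site, real_ip):
    """Address the remote peer uses to reach real_ip at `site`.
    Assumes the network-to-network static keeps the host part unchanged."""
    real, mapped = parse(plan)[site]
    ip = ipaddress.ip_address(real_ip)
    if ip not in real:
        raise ValueError(f"{real_ip} is not in {site}'s LAN {real}")
    return str(mapped.network_address + (int(ip) - int(real.network_address)))

if __name__ == "__main__":
    print("overlapping real LANs:", real_overlaps(PLAN))
    print("plan problems:", plan_problems(PLAN) or "none")
    print("Site B host 192.168.1.50 is reached as", translate(PLAN, "Site B", "192.168.1.50"))
```
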
