cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
424
Views
4
Helpful
4
Replies

Site-to-site VPN ???

vinayak
Level 1
Level 1

Hello all,

I am having 2 sites. 1 is my Headoffice & other is my branch office. i want to setup site-to-site VPN. but the problem is my head office having LAN network in range 192.168.0.0/16 & my branch office having LAN network in range 192.168.1.0/24. is there any possibility of address overlapping ??

4 Replies 4

Yes, there's possibility of overlap because the 192.168.0.0/16 contains the other subnet.

I'll recommend you to do NAT for the VPN traffic.

If both sides have ASAs is really easy, if they have routers it can be done as well.

Federico.

Hello Federico,

Thanks for reply.. Yes i am using ASA & router both. but i am going to configure VPN on ASA.

Can you give me example how can i do NAT for VPN traffic ?

& What is the Access list i have to add to allow my LAN to Access Remote LAN ??

Thank you..

Hello Federico,

Thanks for reply.. Yes i am using ASA & router both. but i am going to configure VPN on ASA.

Can you give me example how can i do NAT for VPN traffic ?

& What is the Access list i have to add to allow my LAN to Access Remote LAN ??

Waiting for ur Reply..

Thank you..

Not sure about an example on the web but I'll show you here:

Site A 192.168.0.0/16 --> NAT to 10.1.0.0/16

Site B 192.168.1.0/24 --> NAT to 172.16.1.0/24

To NAT and communicate both sides you do the following:

Site A:

access-list NAT permit ip 192.168.0.0 255.255.0.0 172.16.1.0 255.255.255.0

static (inside,outside) 10.1.0.0 access-list NAT

access-list VPN permit ip 10.1.0.0 255.255.0.0 172.16.1.0 255.255.255.0

Site B:

access-list NAT permit ip 192.168.1.0 255.255.255.0 10.1.0.0 255.255.0.0

static (inside,outside) 172.16.1.0 access-list NAT

access-list VPN permit ip 172.16.1.0 255.255.255.0 10.1.0.0 255.255.0.0

Hope it helps.


Federico.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: