09-09-2010 10:01 PM - edited 03-11-2019 11:38 AM
Hello all,
I am having 2 sites. 1 is my Headoffice & other is my branch office. i want to setup site-to-site VPN. but the problem is my head office having LAN network in range 192.168.0.0/16 & my branch office having LAN network in range 192.168.1.0/24. is there any possibility of address overlapping ??
09-09-2010 10:20 PM
Yes, there's possibility of overlap because the 192.168.0.0/16 contains the other subnet.
I'll recommend you to do NAT for the VPN traffic.
If both sides have ASAs is really easy, if they have routers it can be done as well.
Federico.
09-09-2010 10:25 PM
Hello Federico,
Thanks for reply.. Yes i am using ASA & router both. but i am going to configure VPN on ASA.
Can you give me example how can i do NAT for VPN traffic ?
& What is the Access list i have to add to allow my LAN to Access Remote LAN ??
Thank you..
09-09-2010 11:42 PM
Hello Federico,
Thanks for reply.. Yes i am using ASA & router both. but i am going to configure VPN on ASA.
Can you give me example how can i do NAT for VPN traffic ?
& What is the Access list i have to add to allow my LAN to Access Remote LAN ??
Waiting for ur Reply..
Thank you..
09-10-2010 10:32 AM
Not sure about an example on the web but I'll show you here:
Site A 192.168.0.0/16 --> NAT to 10.1.0.0/16
Site B 192.168.1.0/24 --> NAT to 172.16.1.0/24
To NAT and communicate both sides you do the following:
Site A:
access-list NAT permit ip 192.168.0.0 255.255.0.0 172.16.1.0 255.255.255.0
static (inside,outside) 10.1.0.0 access-list NAT
access-list VPN permit ip 10.1.0.0 255.255.0.0 172.16.1.0 255.255.255.0
Site B:
access-list NAT permit ip 192.168.1.0 255.255.255.0 10.1.0.0 255.255.0.0
static (inside,outside) 172.16.1.0 access-list NAT
access-list VPN permit ip 172.16.1.0 255.255.255.0 10.1.0.0 255.255.0.0
Hope it helps.
Federico.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide