I have an unusual scenario whereby I require a site-to-site VPN tunnel between a version 7 Cisco PIX and a version 8 Cisco ASA which have the same IP subnet at each endpoint. Is it possible to create such a site-to-site tunnel or will I need to change one of the remote endpoints?
To allow the traffic to flow through the tunnel when having the same addressing scheme on both ends, you should NAT the VPN traffic.
Site A LAN 10.1.1.0/24
Site B LAN 10.1.1.0/24
Site A config:
access-list NAT permit ip 10.1.1.0 255.255.255.0 192.168.2.0 255.255.255.0
static (in,out) 192.168.1.0 access-list NAT
access-list crypto permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
Site B config:
access-list NAT permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
static (in,out) 192.168.2.0 access-list NAT
access-list crypto permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
The idea is that Site A will be translated to 192.168.1.0 when going to Site B, and Site B will be translated to 192.168.2.0 when going to Site A.
Hope it makes sense.
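The translation scheme in the answer above, traced for a single packet and checked for addressing conflicts, as an added example that is not part of the original post. It assumes the static translates host-for-host (10.1.1.5 becomes 192.168.1.5); the `SITES` table, the function names and the sample host addresses are constructed for illustration.

```python
import ipaddress as ip

# Constructed model of the two sites from the answer: real LAN and NAT'd (mapped) network.
SITES = {
    "A": {"real": ip.ip_network("10.1.1.0/24"), "mapped": ip.ip_network("192.168.1.0/24")},
    "B": {"real": ip.ip_network("10.1.1.0/24"), "mapped": ip.ip_network("192.168.2.0/24")},
}

def net_to_net(addr, src_net, dst_net):
    """Network static NAT: swap the prefix, keep the host bits (assumed 1:1 mapping)."""
    offset = int(ip.ip_address(addr)) - int(src_net.network_address)
    if not 0 <= offset < src_net.num_addresses:
        raise ValueError(f"{addr} is not in {src_net}")
    return ip.ip_address(int(dst_net.network_address) + offset)

def trace(src_site, dst_site, src_host, dst_addr):
    """Follow one packet; returns (source on the wire, destination on the wire, delivered-to)."""
    s, d = SITES[src_site], SITES[dst_site]
    dst_addr = ip.ip_address(dst_addr)
    # "access-list NAT" only matches traffic headed for the peer's mapped network,
    # so local hosts must address the far side by its translated range.
    if dst_addr not in d["mapped"]:
        raise ValueError(f"{dst_addr} is outside {d['mapped']}: no NAT, no tunnel")
    wire_src = net_to_net(src_host, s["real"], s["mapped"])
    # "access-list crypto" is written in translated addresses on both sides,
    # so it matches the packet as it looks after NAT.
    # The receiving firewall's static reverses the destination to the real LAN address.
    delivered = net_to_net(dst_addr, d["mapped"], d["real"])
    return wire_src, dst_addr, delivered

def check_plan(sites):
    """Return a list of addressing mistakes that would break the scheme."""
    problems = []
    nets = [(n, kind, s[kind]) for n, s in sites.items() for kind in ("real", "mapped")]
    for name, s in sites.items():
        if s["mapped"].prefixlen != s["real"].prefixlen:
            problems.append(f"site {name}: mapped and real prefix lengths differ")
        for other, kind, net in nets:
            if (other, kind) != (name, "mapped") and s["mapped"].overlaps(net):
                problems.append(f"site {name}: mapped net overlaps site {other} {kind} net")
    return problems

if __name__ == "__main__":
    print(check_plan(SITES))
    print(trace("A", "B", "10.1.1.5", "192.168.2.7"))
```

A host at Site A reaches Site B's 10.1.1.7 by addressing it as 192.168.2.7; a packet sent to 10.1.1.7 directly never leaves the local LAN.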