Overlapping Subnets on IPSec VPN between ASA and IOS Router

Unanswered Question
Feb 3rd, 2012
User Badges:

I currently have two networks, the primary site behind an ASA5505 and a new remote site behind an 2911 and I need to establish an IPSec site-to-site VPN from the remote site into my primary behind the ASA.  I have several remote sites built in this manner and getting a VPN stood up between the two sites isn't a difficult task for me.  This new site, however, is the first time I'm encountering overlapping IP space.  For simplification I'll just say that both sides are using  The way I'd like to handle this is to take a non-conflicting /24 block and nat the remote side behind that range.  Initially I'll only need access to 1 server behind that /24 block so I'm also thinking I'd probably just want to set the server on the remote side to a good static local address then just nat a single IP from the non-conflicting /24 block.  Then when the 2nd server comes online get it statically set on the remote side and slap a new nat rule in place.

Any suggestions on where to go with this? 


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion