04-21-2015 06:57 PM
Hi all,
I have an L2L VPN. I have 2 customers whose interesting traffic is 192.168.10.0; my question is how can I manage to route these 2 customers?
I have configured the VPN with no problem. The issue is that when I have to do the routing and I point to 192.168.10.0, I will have to point to one of my customers, not both.
Thanks all.
04-22-2015 11:27 AM
Since you have overlapping IP addresses you'll need to pick one of these options (perhaps there are others):
1. NAT the destination on the ASA so they can match different crypto ACLs
2. Use ASA multiple contexts - one for each customer
3. Use an IOS/IOS-XE based router with VRF-aware IPSec and use a separate VRF per customer
04-22-2015 01:16 PM
Here is how we handle that type of setup.
Customer 1 needs to NAT to 10.0.1.0/24
Customer 2 needs to NAT to 10.0.2.0/24
So the traffic coming from customer 1 will be 10.0.1.0/24
and traffic coming from customer 2 will be 10.0.2.0/24.
So the interesting traffic for customer 1 will be 10.0.1.0/24
and interesting traffic for customer 2 will be 10.0.2.0/24.
Mike
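The following Python sketch is an added example, not part of any post in this thread and not Cisco configuration. It models the plan described above: it shows why two peers on 192.168.10.0 cannot be told apart, how a 1:1 static NAT onto 10.0.1.0/24 and 10.0.2.0/24 keeps each host offset, and how the tunnel lookup becomes unambiguous afterwards. The /24 mask on 192.168.10.0, the peer names and the function names are assumptions.

```python
import ipaddress

# Constructed inventory: both peers use the subnet from the thread (a /24 is
# assumed), and the mapped ranges are the ones assigned to each customer above.
REAL = {"customer1": "192.168.10.0/24", "customer2": "192.168.10.0/24"}
MAPPED = {"customer1": "10.0.1.0/24", "customer2": "10.0.2.0/24"}

def nets(table):
    return {name: ipaddress.ip_network(cidr) for name, cidr in table.items()}

def overlapping_pairs(table):
    """Return sorted peer-name pairs whose remote networks overlap."""
    items = sorted(nets(table).items())
    return [(a, b) for i, (a, na) in enumerate(items)
            for b, nb in items[i + 1:] if na.overlaps(nb)]

def static_nat(real_ip, real_cidr, mapped_cidr):
    """1:1 static NAT: keep the host offset, swap the network prefix."""
    real = ipaddress.ip_network(real_cidr)
    mapped = ipaddress.ip_network(mapped_cidr)
    if real.prefixlen != mapped.prefixlen:
        raise ValueError("static network NAT needs equal prefix lengths")
    ip = ipaddress.ip_address(real_ip)
    if ip not in real:
        raise ValueError(f"{ip} is not inside {real}")
    return str(mapped[int(ip) - int(real.network_address)])

def select_tunnel(dst_ip, table):
    """Pick the peer whose remote network contains dst_ip; refuse ambiguity."""
    ip = ipaddress.ip_address(dst_ip)
    hits = sorted(name for name, net in nets(table).items() if ip in net)
    if len(hits) != 1:
        raise LookupError(f"{dst_ip} matches {hits or 'no peer'}")
    return hits[0]

if __name__ == "__main__":
    print("overlaps before NAT:", overlapping_pairs(REAL))
    print("overlaps after NAT: ", overlapping_pairs(MAPPED))
    for name in REAL:
        mapped_ip = static_nat("192.168.10.37", REAL[name], MAPPED[name])
        print(name, "host .37 is reached as", mapped_ip)
    print("10.0.2.37 ->", select_tunnel("10.0.2.37", MAPPED))
```
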
04-23-2015 03:59 AM
For that
Thanks.
04-23-2015 04:17 AM
That is correct, static NAT.
What code are you running?
04-23-2015 03:04 PM
I have a Pix515 version.
04-22-2015 12:58 PM
Hi Chetan,
Here are the documents that you can refer to for configuring VPN tunnels for overlapping subnets.
For VPN on ASAs:-
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/112049-asa8x-vpn-olap-config-00.html
For VPN on IOS routers:-
http://www.cisco.com/c/en/us/support/docs/routers/3800-series-integrated-services-routers/107992-IOSRouter-overlapping.html
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.