VPN remote sites

opnineopnine
Level 1

Hi all,

 

I have an L2L VPN. I have 2 customers whose interesting traffic is 192.168.10.0. My question is: how can I manage to route these 2 customers?

I have configured the VPN with no problem. The issue is that when I have to do the routing and I point to 192.168.10.0, I will have to point to one of my customers, not both.

 

Thanks all.

 

6 Replies

thiland
Level 3

Since you have overlapping IP addresses you'll need to pick one of these options (perhaps there are others):

1.  NAT the destination on the ASA so they can match different crypto ACLs

2.  Use ASA multiple contexts - one for each customer

3.  Use an IOS/IOS-XE based router with VRF-aware IPSec and use a separate VRF per customer

Here is how we handle that type of setup.

Customer 1 needs to NAT to 10.0.1.0/24

Customer 2 needs to NAT to 10.0.2.0/24

So the traffic coming from customer 1 will be 10.0.1.0/24, and traffic coming from customer 2 will be 10.0.2.0/24.

So the interesting traffic for customer 1 will be 10.0.1.0/24, and interesting traffic for customer 2 will be 10.0.2.0/24.

 

Mike
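The address plan in the post above, worked through as an added example (not part of the original thread and not Cisco configuration): it checks that the mapped ranges are unique and shows how a real host address maps to its translated address and back, which is the lookup needed when reading firewall logs that only show 10.0.x.x addresses. It assumes a /24 mask on 192.168.10.0 and a host-preserving one-to-one translation; the site names and function names are hypothetical.

```python
import ipaddress

# Constructed from the thread: both customers use 192.168.10.0 as their real LAN
# (/24 mask assumed) and each is presented across the tunnel as a unique /24.
SITES = {
    "customer1": {"real": "192.168.10.0/24", "mapped": "10.0.1.0/24"},
    "customer2": {"real": "192.168.10.0/24", "mapped": "10.0.2.0/24"},
}

def find_overlaps(sites, key):
    """Return pairs of site names whose `key` networks overlap."""
    nets = [(n, ipaddress.ip_network(s[key])) for n, s in sorted(sites.items())]
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]

def validate_plan(sites):
    """Mapped ranges must be unique, and each must be the same size as the
    real range it replaces (the translation is one-to-one)."""
    errors = [f"mapped ranges overlap: {a}/{b}"
              for a, b in find_overlaps(sites, "mapped")]
    for name, s in sites.items():
        real = ipaddress.ip_network(s["real"])
        mapped = ipaddress.ip_network(s["mapped"])
        if real.prefixlen != mapped.prefixlen:
            errors.append(f"{name}: prefix length mismatch")
    return errors

def to_mapped(sites, name, real_host):
    """Translate a host's real address to the address seen across the tunnel."""
    real = ipaddress.ip_network(sites[name]["real"])
    mapped = ipaddress.ip_network(sites[name]["mapped"])
    host = ipaddress.ip_address(real_host)
    if host not in real:
        raise ValueError(f"{real_host} is not in {name}'s real network {real}")
    return str(mapped.network_address + (int(host) - int(real.network_address)))

def to_real(sites, mapped_host):
    """Reverse lookup: which customer and real host does a mapped address mean?"""
    host = ipaddress.ip_address(mapped_host)
    for name, s in sites.items():
        mapped = ipaddress.ip_network(s["mapped"])
        if host in mapped:
            real = ipaddress.ip_network(s["real"])
            offset = int(host) - int(mapped.network_address)
            return name, str(real.network_address + offset)
    return None  # address is not part of any customer's mapped range
```
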

Hello burleyman,

For that NAT, will I use static NAT?

 

Thanks.

That is correct, static NAT.

 

What code are you running?

I have a Pix515 version.

Dinesh Moudgil
Cisco Employee

Hi Chetan,

Here are the documents that you can refer to for configuring VPN tunnels for overlapping subnets.

For VPN on ASAs:-
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/112049-asa8x-vpn-olap-config-00.html

For VPN on IOS routers:-
http://www.cisco.com/c/en/us/support/docs/routers/3800-series-integrated-services-routers/107992-IOSRouter-overlapping.html

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/