Community Member

Site-to-site VPN ???

Hello all,

I have 2 sites. One is my head office and the other is my branch office. I want to set up a site-to-site VPN, but the problem is that my head office has a LAN network in the range 192.168.0.0/16 and my branch office has a LAN network in the range 192.168.1.0/24. Is there any possibility of address overlapping?

4 REPLIES

Re: Site-to-site VPN ???

Yes, there's a possibility of overlap because 192.168.0.0/16 contains the other subnet.

I'd recommend that you do NAT for the VPN traffic.

If both sides have ASAs it is really easy; if they have routers it can be done as well.

Federico.

Community Member

Re: Site-to-site VPN ???

Hello Federico,

Thanks for the reply. Yes, I am using both an ASA and a router, but I am going to configure the VPN on the ASA.

Can you give me an example of how I can do NAT for VPN traffic?

And what is the access list I have to add to allow my LAN to access the remote LAN?

Thank you.

Community Member

Re: Site-to-site VPN ???

Hello Federico,

Thanks for the reply. Yes, I am using both an ASA and a router, but I am going to configure the VPN on the ASA.

Can you give me an example of how I can do NAT for VPN traffic?

And what is the access list I have to add to allow my LAN to access the remote LAN?

Waiting for your reply.

Thank you.

Re: Site-to-site VPN ???

Not sure about an example on the web but I'll show you here:

Site A 192.168.0.0/16 --> NAT to 10.1.0.0/16

Site B 192.168.1.0/24 --> NAT to 172.16.1.0/24

To NAT and let both sides communicate, you do the following:

Site A:

access-list NAT permit ip 192.168.0.0 255.255.0.0 172.16.1.0 255.255.255.0

static (inside,outside) 10.1.0.0 access-list NAT

access-list VPN permit ip 10.1.0.0 255.255.0.0 172.16.1.0 255.255.255.0

Site B:

access-list NAT permit ip 192.168.1.0 255.255.255.0 10.1.0.0 255.255.0.0

static (inside,outside) 172.16.1.0 access-list NAT

access-list VPN permit ip 172.16.1.0 255.255.255.0 10.1.0.0 255.255.0.0

Hope it helps.


Federico.
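
An added example, not part of the original replies: a Python check of the addressing plan given in the answer above, showing the overlap without NAT, the clean plan with NAT, and how a net-to-net static keeps the host bits. The function names and the `NO_NAT`/`WITH_NAT` dictionaries are assumptions made for illustration; the subnets and the ACL syntax are the ones in the thread.

```python
import ipaddress as ip

def static_nat(host, real, mapped):
    """Net-to-net static NAT: replace the prefix, keep the host bits."""
    real, mapped = ip.ip_network(real), ip.ip_network(mapped)
    host = ip.ip_address(host)
    if real.prefixlen != mapped.prefixlen:
        raise ValueError("real and mapped networks must be the same size")
    if host not in real:
        raise ValueError(f"{host} is not in {real}")
    return mapped.network_address + (int(host) - int(real.network_address))

def check_plan(sites):
    """sites: name -> (real_lan, mapped_lan or None). Returns a list of problems."""
    nets = {n: (ip.ip_network(r), ip.ip_network(m or r)) for n, (r, m) in sites.items()}
    problems = []
    for a, (real_a, seen_a) in nets.items():
        for b, (real_b, seen_b) in nets.items():
            if a == b:
                continue
            # What each side presents on the tunnel must be unique.
            if a < b and seen_a.overlaps(seen_b):
                problems.append(f"{a}/{b}: tunnel ranges overlap ({seen_a}, {seen_b})")
            # A peer's presented range must not shadow addresses that are local.
            if seen_a.overlaps(real_b):
                problems.append(f"{a} as seen from {b} collides with {b}'s LAN {real_b}")
    return problems

def crypto_acl(local_mapped, remote_mapped, name="VPN"):
    """Interesting-traffic ACL line in the thread's syntax, built on mapped ranges."""
    loc, rem = ip.ip_network(local_mapped), ip.ip_network(remote_mapped)
    return (f"access-list {name} permit ip {loc.network_address} {loc.netmask} "
            f"{rem.network_address} {rem.netmask}")

# Addressing from the thread; None means "no NAT configured".
NO_NAT = {"A": ("192.168.0.0/16", None), "B": ("192.168.1.0/24", None)}
WITH_NAT = {"A": ("192.168.0.0/16", "10.1.0.0/16"),
            "B": ("192.168.1.0/24", "172.16.1.0/24")}

if __name__ == "__main__":
    print(check_plan(NO_NAT))      # overlaps reported
    print(check_plan(WITH_NAT))    # no problems
    # The same real address on each side becomes distinct on the tunnel.
    print(static_nat("192.168.1.20", *WITH_NAT["A"]))
    print(static_nat("192.168.1.20", *WITH_NAT["B"]))
    print(crypto_acl("10.1.0.0/16", "172.16.1.0/24"))
```

Running the check before changing either mapped range catches a choice that collides with the peer's real or mapped addresses.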
