06-12-2007 02:39 PM - edited 03-11-2019 03:29 AM
Hi,
My small office currently has a few IPsec VPN clients. We now have a new customer, but this customer has the same subnet as one of our existing clients. Does anyone know how to resolve this issue? Neither client can change its subnet because their networks are huge. Currently, we have a PIX 506E firewall.
Thanks,
Jason
06-20-2007 06:59 AM
It's possible if you enable NAT-T on the headend (remote end) of the VPN client.
06-21-2007 03:26 AM
Hi Jason,
What type of VPN tunnels are we talking about? Site-to-site or RA VPN?
If this is a site-to-site VPN, then you will need to use outside NAT through the tunnel to NAT the new customer's network into one that is different from the other one. It goes something like this:
static (in,out) x.x.x.x x.x.x.x
static (out,in) z.z.z.z y.y.y.y
where:
x.x.x.x: your internal network
y.y.y.y: customer2's actual network
z.z.z.z: customer2's translated network
After this you will access customer2's network using the z.z.z.z addressing. Also, all the match address access-lists should be built on the z.z.z.z subnet :)
If you provide me with the PIX configuration and a simple topology maybe I will be able to assist you a little better in here :)
Kindest regards,
Shadi
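The addressing side of the reply above, as an added example that is not part of the original thread: it picks a translated network (z.z.z.z) that collides with nothing already in use and shows the 1:1 mapping a network static performs, where host bits are kept and only the network bits change. All subnets, the translation pool and the function names are constructed for illustration.

```python
import ipaddress

def pick_translated(real, in_use, pool):
    """Return the first block in `pool`, the same size as `real`,
    that overlaps none of the networks already in use."""
    for candidate in pool.subnets(new_prefix=real.prefixlen):
        if not any(candidate.overlaps(n) for n in in_use):
            return candidate
    raise ValueError("translation pool exhausted")

def translate(addr, src_net, dst_net):
    """1:1 network translation: keep the host offset, swap the network part."""
    if addr not in src_net:
        raise ValueError(f"{addr} is not inside {src_net}")
    offset = int(addr) - int(src_net.network_address)
    return dst_net.network_address + offset

# Constructed sample addressing (assumptions, not from the thread)
INTERNAL = ipaddress.ip_network("172.16.0.0/16")    # x.x.x.x: your internal network
CUSTOMER1 = ipaddress.ip_network("10.10.0.0/16")    # existing customer
CUSTOMER2 = ipaddress.ip_network("10.10.0.0/16")    # y.y.y.y: same subnet as customer1
POOL = ipaddress.ip_network("172.16.0.0/12")        # range reserved for translated networks

def demo():
    clash = CUSTOMER2.overlaps(CUSTOMER1)
    # z.z.z.z must avoid the internal network and every existing customer
    mapped = pick_translated(CUSTOMER2, [INTERNAL, CUSTOMER1], POOL)
    real_host = ipaddress.ip_address("10.10.5.20")
    seen_inside = translate(real_host, CUSTOMER2, mapped)   # address inside hosts use
    back = translate(seen_inside, mapped, CUSTOMER2)        # what the customer sees
    return clash, mapped, seen_inside, back

if __name__ == "__main__":
    clash, mapped, seen_inside, back = demo()
    print("overlap with existing customer:", clash)
    print("translated network (z):", mapped)
    print("10.10.5.20 is reached from inside as", seen_inside, "and maps back to", back)
```

Access lists and routes on the inside refer to the translated network this prints, never to the customer's real subnet, which stays ambiguous.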