Two VPN clients with the same subnet

xomchua76 · ‎06-12-2007

Hi,

My small office currently has a few ipsec VPN clients. Currently, we have a new customers, but this customer has the same subnet with our existing client. Anyone knows how to resolve this issue? Both clients can't change their subnets due to their huge network. Currently, we have a pix firewall 506E.

Thanks,

Jason

thomas.chen · ‎06-20-2007

It's possible if you enable NAT-T in headend (remote end) of the VPN client.

shomar · ‎06-21-2007

Hi Jason,

What type of VPN tunnels are we talking about? site to site or RA VPN?

if this is a site to site VPN then you will need to use outside NAT through the tunnel to NAT the new customer's network into a one that is different from the other one. it goes sth like this:

static (in,out) x.x.x.x x.x.x.x

static (out,in) z.z.z.z y.y.y.y

where:

x.x.x.x: your internal network

y.y.y.y: customer2's actual network

z.z.z.z: customer2's translated network

after this you will access customer2's network using the z.z.z.z addressing, also all the match address access-list should be built on the z.z.z.z subnet :)

If you provide me with the PIX configuration and a simple topology maybe I will be able to assist you a little better in here :)

Kindest regards,

Shadi`