Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)

VPNs on ASA going to same destination networks using NAT

I haven't been able to get into the lab to test this yet but was wondering if someone here had a quick answer.

The situation is a customer needs to use an ASA device to set up two L2L vpns. The problem is that at each remote end they have an overlapping address that the ASA side needs to connect to. It's not possible for the remote sides to either NAT this address or change it. I know I can set up outside to inside NAT in this situation, but I've never tried it with two overlapping addresses on the remote end. Or if someone else has a better solution, please let me know.

If you need more clarification, please let me know.



Re: VPNs on ASA going to same destination networks using NAT

I don't think it is possible. The problem is that you would need to NAT between the ASA and the remote endpoints before it hits the box, because the order of operation from outside to inside is IPSec first, then NAT.

At least in PIX and IOS this would be impossible, but I am not so familiar with the ASA so I could be wrong.

If the remote networks were overlapping it would not be any problem though.

CreatePlease to create content