Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Gold

VPNs on ASA going to same destination networks using NAT

I haven't been able to get into the lab to test this yet but was wondering if someone here had a quick answer.

The situation is a customer needs to use an ASA device to set up two L2L vpns. The problem is that at each remote end they have an overlapping address that the ASA side needs to connect to. It's not possible for the remote sides to either NAT this address or change it. I know I can set up outside to inside NAT in this situation, but I've never tried it with two overlapping addresses on the remote end. Or if someone else has a better solution, please let me know.

If you need more clarification, please let me know.

Thanks....

1 REPLY

Re: VPNs on ASA going to same destination networks using NAT

I don't think it is possible. The problem is that you would need to NAT between the ASA and the remote endpoints before it hits the box, because the order of operation from outside to inside is IPSec first, then NAT.

At least in PIX and IOS this would be impossible, but I am not so familiar with the ASA so I could be wrong.

If the remote networks were overlapping it would not be any problem though.

132
Views
3
Helpful
1
Replies
CreatePlease to create content