Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

overlapping network address in two PIXs for VPN connection

The PIX in central office A is using with NAT global address 209.*.*.*(the pix outside IP address is also in this range) . It has three connections to branch office B, C, D.

the pix in branch B is using, and the pix in branch C is using, and they are communication with Central office A over VPN tunnel with No NAT translation. They are working fine.

The problem is that the new brach office D is using the same IP address range with NAT global IP address 63.*.*.*. (the PIX outside IP address is also in this range). So central office A and branch office D has overlapping IP addresses.

According to Cisco recommodation, both in office A and D should be NAT-translated to see each other using different IP address. But some Hosts in both office A and D has been NAT-translated to global IP address individually. It will have overlapping IP addresses if we translate in office A to and in office D to (since some host in both internal network have been translated already)

What is the solution?

Any input would be greatly appreciated.

Thanks very much.




Re: overlapping network address in two PIXs for VPN connection

Recent versions of PIX OS support something called 'Bi NAT'. In a nutshell, what is done is to translate overlapping addresses to non-overlapping address spaces. The next step would be to do manually reconstruct the static translations on both ends. More information is available at The only other way out seems to be to start re-addressing all devices on one of the sites.

CreatePlease login to create content