Pix VPN tunnel with overlapping networks

Would like to know if this can be done.

10.x.x.x-------PIX--------Internet VPN Tunnel-------VPN router-------10.x.x.x

I need to create a VPN tunnel to a partner company. I am on the PIX side. Our internal networks are both using overlapping 10.x.x.x space. We both would like to use nat to present 192.x.x.x space to each other.

2 questions:

1. If I do nat on my PIX so the partner's 10.x.x.x will appear as 192.x.x.x to my internal users - will this work? ( I am sure if this will work, he will have to do a similar thing on his side)

static (outside,inside) 10.x.x.x 192.x.x.x netmask 0 0

2. Is it also possible for me on the same PIX to nat my 10.x.x.x to 192.y.y.y so he sees my 10.x.x.x space as 192 addresses?

CAN THIS BE DONE? If this is a crazy solution, do you have a working one?

Thank you in advance.

Re: Pix VPN tunnel with overlapping networks


Fortunately there is a solution for this. I had already answered this before in this forum. Anyway, there is a good article from Cisco that very closely matches your scenario. Check out the links.

You can also refer to

Keep us posted if it solves your problem. Thanks.


