Site-to-Site IPSec VPN with Overlapping Private Networks

rdassow · ‎05-27-2003

Has anyone tried implementing this? I need to know if this only works with concentrator to concentrator only or will it work with a 3005 to 3002 as well? It is unclear in this document.

http://www.cisco.com/warp/customer/471/config_vpn_3k_site.html

I want to connect multiple remote 10.X.X.X networks to my central site, but be able to translate them in the tunnel so they appear as 9.X.X.X or 12.X.X.X or 13.X.X.X at my central site. Bi-directional communication is necessary. I believe the document above may work but putting 3005's at the remote sites is cost prohibitive. Does anyone know what other device could be used as long as I have a 3005 at the head end?

Ryan

jfrahim · ‎05-27-2003

Hi Ryan,

Any device that is capable of doing LAN-LAN tunnels should work. So you can configure this between 2 concentrators, a concentrator and a IOS router, a concentrator and a pix etc. It can't be done between a concentrator and a 3002. A 3002 is a HW client, and it does not act as a lan-lan device

Jazib

rdassow · ‎05-27-2003

I thought a 3002 *can* act as a lan-to-lan device in network extension mode, right?

ryan

jfrahim · ‎05-27-2003

It is still a HW VPN Client (also known as EasyVPN client) running into NEM. It gives you the same benefits as a lan-lan tunnel.

Jazib

rdassow · ‎05-28-2003

Jazib, one more clarification. Will I be able to translate multiple networks with one concentrator? I want to have a single concentrator translate multiple vpn peer 10.X.X.X networks. In other words, can I have 10 different Lan-to-Lan policies with 10 different translations (10.x.x.x. to 14.x.x.x, 10.x.x.x. to 18.x.x.x, 10.x.x.x to 19.x.x.x.) on a single 3005?

ryan