I've got the same kind of problem. Our 2 servers will be hosted at a remote site and we want to keep IP addresses the same at both ends both because of licensing constraints and unwanted reconfiguration of applications/devices.
I've got an idea of using ASAs on both networks, each with their own 10.1.1.0/24 network. There are no duplicate IP numbers anywhere on the networks.
The ASA on the client network will use proxy ARP to publish the IP address of the remote server which will belong to the local network (10.1.1.100 for example). I'd like to encrypt the communication and send it through the VPN to the remote peer on the network. Can the host address be part of the Remote network even though it is also part of the local network?
If this is possible, can I also run NAT on the packets in order to avoid further complications in reaching the gateway on the remote peer machine?
I am looking at this too; essentially trying to extend a bridge across an IPSEC tunnel. Bidirectional traffic would be desirable. I am about to start working this out in the lab. I'll let you know if I have any success - I suspect there is a good reason I'm missing as to why this isn't going to work.
Upon a little further consideration, the only way I can see this working would be to bridge using GRE through the IPSEC tunnel. Unfortunately that's overkill for the problem I'm trying to solve.
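For reference, the configuration below is an added example (not from any poster in this thread) of the documented ASA 8.3+ twice NAT approach to two sites that both use 10.1.1.0/24 across a site-to-site IPsec tunnel. Instead of publishing the remote host inside the local subnet with proxy ARP, each ASA presents its own 10.1.1.0/24 to the far side under a distinct mapped subnet; the mapped subnets 192.168.10.0/24 and 192.168.20.0/24, the object names, the interface names and the crypto map/ACL names are all assumptions chosen for this example.

```cisco
! ---- Site A ASA: real inside network 10.1.1.0/24 ----
! Site A hosts are seen by Site B as 192.168.10.x
! Site B hosts are reached from Site A as 192.168.20.x
object network SITE_A_REAL
 subnet 10.1.1.0 255.255.255.0
object network SITE_A_MAPPED
 subnet 192.168.10.0 255.255.255.0
object network SITE_B_MAPPED
 subnet 192.168.20.0 255.255.255.0
!
! Twice NAT (bidirectional static): traffic from the real inside subnet
! towards Site B's mapped subnet leaves with a 192.168.10.x source; replies
! and inbound connections to 192.168.10.x are untranslated back to 10.1.1.x.
nat (inside,outside) source static SITE_A_REAL SITE_A_MAPPED destination static SITE_B_MAPPED SITE_B_MAPPED
!
! The crypto ACL must match the post-NAT (mapped) addresses, so only
! mapped-to-mapped traffic is ever carried inside the tunnel.
access-list VPN_TO_SITE_B extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address VPN_TO_SITE_B
!
! ---- Site B ASA: mirror image of the above ----
object network SITE_B_REAL
 subnet 10.1.1.0 255.255.255.0
object network SITE_B_MAPPED
 subnet 192.168.20.0 255.255.255.0
object network SITE_A_MAPPED
 subnet 192.168.10.0 255.255.255.0
nat (inside,outside) source static SITE_B_REAL SITE_B_MAPPED destination static SITE_A_MAPPED SITE_A_MAPPED
access-list VPN_TO_SITE_A extended permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address VPN_TO_SITE_A
```

With this in place a Site A host reaches the remote server at its mapped address (192.168.20.100 for a server whose real address is 10.1.1.100), which sidesteps the proxy ARP question entirely because the local 10.1.1.0/24 is never advertised on the far side; the trade-off is that applications must be pointed at the mapped address rather than the real one.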