I have a Cisco PIX 515 with IOS 6.1(4). I want to do a site-to-site VPN with one of our customers. Both of us have the same private IP addresses. On my side, the PIX firewall inside IP address is 192.168.3.1, which is connected to an inside router, and behind that router we have systems using all the three private subnets 192.168.1.x, 192.168.2.x, 172.16.11.x and 10.x.x.x. The client has 192.168.3.x and 192.168.4.x. I went through the Cisco documentation and I was more confused. If I want to configure my firewall for this purpose, is the below configuration of the access-list correct?
access-list 101 permit ip 192.168.20.0 255.255.255.0 192.168.4.0
access-list 101 permit ip 192.168.20.0 255.255.255.0 192.168.3.0
I want the other site to see my IP address as 192.168.20.0.
Can I have two static statements with the same outside subnet 192.168.20.0, or should I have another subnet like 192.168.21.0 and create an access-list for no-NAT purposes?
Then I create a static (outside,inside) x.x.x.x 255.255.255.0 192.168.4.0 255.255.255.0
x.x.x.x is the other side's translated address, which after entering will get translated to my private IP address.
After that I create the regular IPsec using crypto and isakmp.
Is this the correct configuration to have a site-to-site VPN with the same IP address?
What more should I add so that the regular internet connectivity does not overlap with the static statements that were given for the VPN? (i.e. only during VPN should 192.168.4.0 be translated to 192.168.20.0, which is translated back to 192.168.4.0 on the other side and vice versa, but the regular internet traffic should flow in the same way as before.)
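An added example, not part of the original post: a Python check of which of the subnets named in the question actually collide, whether a candidate mapped range such as 192.168.20.0 is free on both sides, and how a net-to-net static translation carries the host part across. The prefix lengths (/24, and /8 for 10.x.x.x) and all function names are assumptions made for illustration.

```python
import ipaddress

# Subnets named in the post; prefix lengths are assumed, the post gives only "x".
LOCAL = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24",
         "172.16.11.0/24", "10.0.0.0/8"]
REMOTE = ["192.168.3.0/24", "192.168.4.0/24"]


def find_overlaps(local, remote):
    """Return (local, remote) pairs whose address ranges collide."""
    pairs = []
    for loc in map(ipaddress.ip_network, local):
        for rem in map(ipaddress.ip_network, remote):
            if loc.overlaps(rem):
                pairs.append((str(loc), str(rem)))
    return pairs


def mapped_range_is_free(candidate, local, remote):
    """A mapped (translated) range must not collide with either site."""
    cand = ipaddress.ip_network(candidate)
    return not any(cand.overlaps(ipaddress.ip_network(n))
                   for n in list(local) + list(remote))


def translate(addr, real_net, mapped_net):
    """Net-to-net static translation: swap the network part, keep host bits."""
    ip = ipaddress.ip_address(addr)
    real = ipaddress.ip_network(real_net)
    mapped = ipaddress.ip_network(mapped_net)
    if real.prefixlen != mapped.prefixlen:
        raise ValueError("real and mapped networks must be the same size")
    if ip not in real:
        return str(ip)  # outside the rule: address is left untranslated
    host_bits = int(ip) & int(real.hostmask)
    return str(ipaddress.ip_address(int(mapped.network_address) | host_bits))


if __name__ == "__main__":
    print("colliding subnets:", find_overlaps(LOCAL, REMOTE))
    print("192.168.20.0/24 free:",
          mapped_range_is_free("192.168.20.0/24", LOCAL, REMOTE))
    print("192.168.3.25 ->",
          translate("192.168.3.25", "192.168.3.0/24", "192.168.20.0/24"))
```

Each real subnet needs its own mapped range of the same size, because the translation is one-to-one on host addresses.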