Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

vpn with the same private ip address


I am having a cisco pix 515 with ios 6.1(4). I want to do a site to site vpn with one of our customer. Both of us have the same private ip address. In my side the pix firewall inside ip address is which is connected to a inside router and behind that router we have systems using all the three private subnets 192.168.1.x,192.168.2.x,172.16.11.x and 10.x.x.x. The clinet is having 192.168.3.x and 192.168.4.x. I went through the cisco doumentation and i was more confused. IF want to configure my firewall for this purpose is the below configuration on access-list correct?

access-list 101 permit ip

access-list 101 permit ip

I want the other site to see my ip address as

nat (inside) 0 acces--list 101

static (inside,outside)

static (inside,outside)

Can have two static statements with the same outside subnet or should i have another subnet like and create access-list for no natting purpose

Then i create a static (outside,inside) x.x.x.x

x.x.x.x is the other side translated address which after entering will get translated to my private ip address

After which i create the regular ipsec using crypto and isakmp.

Is this correct configuration to have a site to site vpn with same ip address?

What should i add more so that the regular internet connectivity does not over lap with the static statements that were given for vpn. (i.e) only during vpn should be tranlated to which is translated back to in the other side and vice-versa but the regular internet traffic should flow in the same way like before

Thanks in Advance

  • Other Security Subjects
New Member

Re: vpn with the same private ip address

I would recommend opening a case with Cisco on this issue as they can review your complete configuration information in order to assist you with the NAT and access-list configuration.

This widget could not be displayed.