vpn with the same private ip address

Hi,

I have a Cisco PIX 515 with ios 6.1(4). I want to do a site-to-site VPN with one of our customers. Both of us have the same private IP addresses. On my side the PIX firewall inside IP address is 192.168.3.1, which is connected to an inside router, and behind that router we have systems using all the three private subnets 192.168.1.x, 192.168.2.x, 172.16.11.x and 10.x.x.x. The client has 192.168.3.x and 192.168.4.x. I went through the Cisco documentation and I was more confused. If I want to configure my firewall for this purpose, is the below access-list configuration correct?

access-list 101 permit ip 192.168.20.0 255.255.255.0 192.168.4.0

access-list 101 permit ip 192.168.20.0 255.255.255.0 192.168.3.0

I want the other site to see my ip address as 192.168.20.0

nat (inside) 0 access-list 101

static (inside,outside) 192.168.20.0 255.255.255.0 192.168.1.0 255.255.255.0

static (inside,outside) 192.168.20.0 255.255.255.0 10.0.0.0 255.0.0.0

Can I have two static statements with the same outside subnet 192.168.20.0, or should I have another subnet like 192.168.21.0 and create an access-list for the no-NAT purpose?

Then I create a static (outside,inside) x.x.x.x 255.255.255.0 192.168.4.0 255.255.255.0

x.x.x.x is the other side's translated address, which after entering will get translated to my private IP address.

After which I create the regular IPsec using crypto and isakmp.

Is this the correct configuration to have a site-to-site VPN with the same IP address?

What more should I add so that the regular internet connectivity does not overlap with the static statements that were given for the VPN? (i.e., only during VPN 192.168.4.0 should be translated to 192.168.20.0, which is translated back to 192.168.4.0 on the other side and vice versa, but the regular internet traffic should flow in the same way as before.)

Thanks in Advance
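The address plan in the question can be sanity-checked offline before any PIX configuration is written. The following Python sketch is an added example, not part of the original post and not Cisco's own tooling: it finds which of the two sites' networks actually overlap, checks a set of one-to-one network translations for mismatched block sizes and reused mapped ranges, and shows how a host keeps its offset inside a mapped block. The /24 and /8 prefix lengths and all function names are assumptions; the addresses come from the post.

```python
import ipaddress as ipa

# Networks named in the question; prefix lengths are assumed.
MINE = ["192.168.3.0/24",   # PIX inside interface network (192.168.3.1)
        "192.168.1.0/24", "192.168.2.0/24", "172.16.11.0/24", "10.0.0.0/8"]
PEER = ["192.168.3.0/24", "192.168.4.0/24"]
# The two static mappings as written in the post, and the 192.168.21.0 alternative.
AS_POSTED = [("192.168.1.0/24", "192.168.20.0/24"), ("10.0.0.0/8", "192.168.20.0/24")]
SPLIT = [("192.168.1.0/24", "192.168.20.0/24"), ("192.168.2.0/24", "192.168.21.0/24")]

def net(s):
    return ipa.ip_network(s)

def find_overlaps(nets_a, nets_b):
    """Return (a, b) pairs of networks that share at least one address."""
    return [(a, b) for a in nets_a for b in nets_b if net(a).overlaps(net(b))]

def check_plan(mappings, foreign):
    """Validate one-to-one network translations [(real, mapped), ...].
    foreign lists networks that a mapped block must not collide with."""
    problems, used = [], []
    for real, mapped in mappings:
        r, m = net(real), net(mapped)
        if r.num_addresses != m.num_addresses:
            problems.append(f"{real} -> {mapped}: block sizes differ")
        if any(m.overlaps(net(u)) for u in used):
            problems.append(f"{mapped}: mapped block already used")
        used.append(mapped)
        problems += [f"{mapped}: collides with {f}"
                     for f in foreign if m.overlaps(net(f))]
    return problems

def translate(host, real, mapped):
    """Translate one host by keeping its offset inside the block."""
    r, m = net(real), net(mapped)
    addr = ipa.ip_address(host)
    if addr not in r:
        raise ValueError(f"{host} is not inside {real}")
    return str(m.network_address + (int(addr) - int(r.network_address)))

if __name__ == "__main__":
    print("overlapping networks:", find_overlaps(MINE, PEER))
    print("as posted:", check_plan(AS_POSTED, MINE + PEER))
    print("split plan:", check_plan(SPLIT, MINE + PEER))
    print(translate("192.168.1.57", "192.168.1.0/24", "192.168.20.0/24"))
```

With the assumed prefixes, the only network the two sites share is 192.168.3.0/24, and the check flags the 10.0.0.0/8 mapping both for its size and for reusing 192.168.20.0/24.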

1 REPLY
Re: vpn with the same private ip address

I would recommend opening a case with Cisco on this issue as they can review your complete configuration information in order to assist you with the NAT and access-list configuration.
