New Member

Urgent: NAT


I have a router in the center and have 10 Remote-sites that use the same subnet

Remote-site 1 : Subnet

Remote-site 2 : Subnet

Remote-site 3 : Subnet

and so on

Is there any way to connect to these subnets at the same time from the same router using VPN tunnels?

Hall of Fame Super Gold

Re: Urgent: NAT

You would need to run NAT at each of the remote sites. That would prevent you having connectivity between remote sites, so I suggest you renumber them to have different subnets, and configure NAT to access the Internet at central site only.

Hope this helps, please rate post if it does!

New Member

Re: Urgent: NAT

Thanks for replying, Paolo,

The installations at the remote sites cannot be changed. What if I use different IPsec virtual interfaces (a virtual interface for each connection) and do route-map based NAT? Will this work?



Hall of Fame Super Gold

Re: Urgent: NAT

Honestly, I don't see how that would work. It was a bad design in the first place to give the same address to all the locations if these were meant to communicate.

Hall of Fame Super Blue

Re: Urgent: NAT


As Paolo says, it's not a good design to have the same subnet at each location, but I think the answer to your question is yes, it can be done, but it's messy.

For each remote subnet you need to NAT this to some other unique subnet range, e.g.

Remote site 1 ->

Remote site 2 ->


The NAT translations will have to be done on each remote site router.

Then you create your VPN tunnels based on the translated addresses.

From the HQ site to talk to at site 1 you would use the address

To talk to at site 2 you would use the address

The spokes could also talk to each other with this, i.e.

site 1 talks to site 2


site 1 talks to site 2

This will work, but as I say it is very messy, and NAT can and does break certain applications.

I appreciate what you say about not being able to change addresses but the amount of extra configuration and complexity needed to make this work would make readdressing the far simpler option.
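
The addressing scheme described in the answer above, as an added example that is not part of the original thread: it assigns each remote site a unique translated subnet and maps a host's real address to the address the HQ or another spoke would use, and back. All subnets, the pool and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (not from the thread).
SHARED_SUBNET = ipaddress.ip_network("192.168.1.0/24")  # real LAN at every remote site
HQ_SUBNET = ipaddress.ip_network("10.0.0.0/24")         # central-site LAN
NAT_POOL = ipaddress.ip_network("10.100.0.0/16")        # range to carve unique subnets from


def plan_translations(site_count, shared=SHARED_SUBNET, pool=NAT_POOL, reserved=(HQ_SUBNET,)):
    """Give each site a unique translated subnet the same size as the shared one."""
    plan = {}
    candidates = pool.subnets(new_prefix=shared.prefixlen)
    for site in range(1, site_count + 1):
        for candidate in candidates:
            # Skip anything that collides with a real LAN on either end of a tunnel.
            if candidate.overlaps(shared) or any(candidate.overlaps(r) for r in reserved):
                continue
            plan[site] = candidate
            break
        else:
            raise ValueError(f"pool {pool} exhausted at site {site}")
    return plan


def to_translated(plan, site, real_host, shared=SHARED_SUBNET):
    """Address the HQ (or another spoke) uses to reach real_host at the given site."""
    host = ipaddress.ip_address(real_host)
    if host not in shared:
        raise ValueError(f"{host} is not in {shared}")
    # One-to-one subnet NAT keeps the host part and swaps only the network part.
    offset = int(host) - int(shared.network_address)
    return plan[site].network_address + offset


def to_real(plan, translated_host, shared=SHARED_SUBNET):
    """Reverse lookup: which site and real host a translated address belongs to."""
    addr = ipaddress.ip_address(translated_host)
    for site, subnet in plan.items():
        if addr in subnet:
            return site, shared.network_address + (int(addr) - int(subnet.network_address))
    raise LookupError(f"{addr} is not in any translated subnet")


if __name__ == "__main__":
    plan = plan_translations(10)
    for site, subnet in plan.items():
        print(f"site {site}: {SHARED_SUBNET} -> {subnet}")
    print("site 2 host 192.168.1.50 is reached as", to_translated(plan, 2, "192.168.1.50"))
```

The resulting table is what the per-site NAT rules and the tunnel traffic selectors would be built from, since the tunnels match the translated addresses rather than the shared real subnet.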