Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our beta test area to get started.

New Member

Concentrator (ver 4.7) VPN LAN overlap question

I have a question as to whether the following scenario is possible to configured.

I have a main site, that needs to create a VPN tunnel to remote client sites, assumably via a LAN-2-LAN connection. I need to be able to access all routable subnets on each remote client subnet.

The problem is that the remote sites themselves may have multiple subnets connected to their VPN concentrator as a function of their overall corporate star topology VPN environment. These subnet schemes may overlap from client to client. So while I've seen examples of how to overcome this problem if the immediate remote sites overalap, I haven't seen anything that talks about how to access the additional remote network subnets.

Is this possible?

SITEA <--> CLIENTA (10.0.1.x) <--> CLIENTA-SUBITE (10.0.2.x)

and at the same time

SITEA <--> CLIENTB(10.0.1.x) <--> CLIENTB-SUBSITE (10.0.2.x)

I guess I need to say that x number of subnets on my side, map up 1-to-1 on the x number of subnets on the remote side.

Any thoughts on if this is possible, and how best to address?



  • Security Management
New Member

Re: Concentrator (ver 4.7) VPN LAN overlap question

Hey rstromberg , You would need to configure your concentrator to do NAT over Lan-to-Lan VPN. Take a look at this url to see if this would help you out.

New Member

Re: Concentrator (ver 4.7) VPN LAN overlap question

Thanks fo much for replying. That work fine, but I have an additional layer of complexity, I think.

I have multiple non-consecutive nets on the client end that I need to be able to NAT. I haven't seen how I can apply additional subnets, or even just a bunch of /32 NAT statements that will take my network, and map it up to multiple IPs from different networks on the remote end.