Cisco Support Community

Overlapping Site-2-Site VPN PIX 515e

We have a site-to-site VPN with our client based in Dubai. Unfortunately, we are having an overlapping issue between the link.

The client IP pool, i.e. 172.16.10.0/24, is the same as the DMZ pool we assigned. It is not possible for the client to change their network, nor is it possible for us.

Is there any way I could enable src NAT on the inbound traffic after it exits the VPN tunnel on our PIX? Can anyone suggest a better way, please?


Re: Overlapping Site-2-Site VPN PIX 515e

Hi,

In a situation where you have overlapping networks, I think the best way to go is to use NAT in both directions, I mean:

ip nat inside source list XX pool out-pool

ip nat outside source list XX pool in-pool

where XX is an access-list that allows the common addressing space in both networks:

access-list xxx permit ip 172.16.10.0 0.0.0.255 (if the common addressing space is 172.16.10.0/24)

out-pool is a pool for your outbound traffic going to the other network.

in-pool is another pool for your inbound traffic, that is, traffic coming from the other network towards your network.

HTH

Please do rate if it does help.
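
The addressing plan behind NAT in both directions can be checked before any device is touched. The following is an added example, not part of the original reply: it validates that the two pools do not collide with the shared 172.16.10.0/24 space and shows what each side sees once both translations are in place. The pool ranges are constructed for illustration, and a 1:1 host-preserving mapping is assumed.

```python
import ipaddress as ipa

SHARED = "172.16.10.0/24"      # from the thread: used at both sites
OUT_POOL = "192.168.100.0/24"  # constructed: how the remote site sees local hosts
IN_POOL = "192.168.200.0/24"   # constructed: how local hosts see the remote site

def check_plan(shared, out_pool, in_pool):
    """Return a list of problems; an empty list means the pools are usable."""
    nets = {"shared": ipa.ip_network(shared), "out-pool": ipa.ip_network(out_pool),
            "in-pool": ipa.ip_network(in_pool)}
    problems = []
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    for name in ("out-pool", "in-pool"):
        if nets[name].prefixlen != nets["shared"].prefixlen:
            problems.append(f"{name} is not the same size as shared")
    return problems

def map_host(addr, real_net, mapped_net):
    """Swap the network prefix and keep the host part (assumed 1:1 mapping)."""
    real, mapped = ipa.ip_network(real_net), ipa.ip_network(mapped_net)
    host = ipa.ip_address(addr)
    if host not in real:
        raise ValueError(f"{addr} is not in {real_net}")
    return str(mapped.network_address + (int(host) - int(real.network_address)))

def outbound(local_src, remote_alias):
    """Local host -> remote host, addressed by its in-pool alias.
    Returns (src, dst) as the packet enters the tunnel."""
    return (map_host(local_src, SHARED, OUT_POOL),
            map_host(remote_alias, IN_POOL, SHARED))

def inbound(remote_src, local_alias):
    """Remote host -> local host, addressed by its out-pool alias.
    Returns (src, dst) as the packet reaches the local network."""
    return (map_host(remote_src, SHARED, IN_POOL),
            map_host(local_alias, OUT_POOL, SHARED))

if __name__ == "__main__":
    print(check_plan(SHARED, OUT_POOL, IN_POOL))
    print(outbound("172.16.10.5", "192.168.200.20"))
    print(inbound("172.16.10.20", "192.168.100.5"))
```

Neither side ever sees 172.16.10.x as a peer address, so routing and firewall rules on each side need to reference the pool addresses rather than the real ones.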
