Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 5510 7.0 Need to tunnel to two different sites with same LAN subnet

We have an ASA5510 that

connects to the internet with a static IP address

and connects to our LAN with a static  IP  address.

We allow client connections on tunnel group First   type ipsec-ra

group-policy First internal

ip local pool First 192.168.120.2-192.168.120.200

nat (inside) 0 access-list inside_nat0_inbound

nat(inside) 0 0.0.0.0 0.0.0.0

We also have several peer-to-peer tunnels

tunnel-group nnn.nnn.nnn.nnn type ipsec-121

and these are working.

Now I have two other remote offices who have both built their LANs  on subnet

192.168.1.0/24.  I need to build peer-to-peer tunnels to both of these locations.

Is there a way to nat the addresses of the two locations individually as they enter the ASA5510

from the internet

Thanks for your help,  Pam

  • VPN
1 REPLY
Bronze

Re: ASA 5510 7.0 Need to tunnel to two different sites with same

Hi Pam,

I don't know of any way to NAT the traffic as it enters the 5510, but if the remote branches are ASA's or PIX's then you can implement Policy NAT on those devices to achieve what you're looking for. The documentation for the PIX can be found here, under 'Configuring Policy NAT'. The ASA would be similar, if not the same...

http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/bafwcfg.html#wp1113601

It is possible, through static NAT trickery, to do what you want on the 5510 *so long as* there are no overlapping IPs between the overlapping subnets. I wouldn't recommend this though as it can likely get confusing pretty quickly. I would look into the Policy NAT if at all possible.

James

340
Views
0
Helpful
1
Replies
This widget could not be displayed.