Cisco Support Community
ASA to ASA VPN

Hi,

Can someone help with a VPN connection between overlapping networks with two ASAs (version 7.2)?

On site A I have internal networks (VLANs) with ranges 172.26.200.0/24, 172.25.1.0/24, 10.0.0.0/24, 10.0.1.0/24 etc. (routing is done by EIGRP).

On site B I have only one internal network with 10.0.0.0/23 (static routing, L2 network); the default gateway is the Inside interface of the ASA.

I need to create an L2L VPN tunnel between these sites. Users from subnet 10.0.0.0/23 (site B) will be connecting to servers on site A (172.26.200.1-254).

I read some guides from Cisco but I can't find a comprehensible answer.

Probably I should do policy NAT between the sites, but how do I configure access-lists, NAT and routing with the right subnets?

Many thanks.

1 REPLY

Re: ASA to ASA VPN

Hi,

The answer is Policy NAT.

Site A:

access-list NAT1 permit ip 10.0.0.0 255.255.255.0 192.168.3.0 255.255.254.0

static (inside,outside) 192.168.0.0 access-list NAT1

access-list NAT2 permit ip 10.0.1.0 255.255.255.0 192.168.3.0 255.255.254.0

static (inside,outside) 192.168.1.0 access-list NAT2

access-list VPN permit ip 192.168.0.0 255.255.255.0 192.168.3.0 255.255.254.0

access-list VPN permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.254.0

Site B:

access-list NAT permit ip 10.0.0.0 255.255.254.0 192.168.0.0 255.255.254.0

static (inside,outside) 192.168.3.0 access-list NAT

access-list VPN permit ip 192.168.3.0 255.255.254.0 192.168.0.0 255.255.254.0

NAT on Site A

10.0.0.0/24 to 192.168.0.0/24

10.0.1.0/24 to 192.168.1.0/24

NAT on Site B

10.0.0.0/23 to 192.168.3.0/23

Hope it helps.

Federico.
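
A sanity check of the address plan in the reply above, as an added example that is not part of the original post: it normalizes every address/mask pair in the posted ACLs and confirms that the local and remote ranges in the VPN ACLs no longer overlap after translation. The leading site letter on each line and the function names are assumptions made for this example.

```python
import ipaddress

# ACL lines copied from the reply above; the leading site letter is added here.
ACLS = """\
A access-list NAT1 permit ip 10.0.0.0 255.255.255.0 192.168.3.0 255.255.254.0
A access-list NAT2 permit ip 10.0.1.0 255.255.255.0 192.168.3.0 255.255.254.0
A access-list VPN permit ip 192.168.0.0 255.255.255.0 192.168.3.0 255.255.254.0
A access-list VPN permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.254.0
B access-list NAT permit ip 10.0.0.0 255.255.254.0 192.168.0.0 255.255.254.0
B access-list VPN permit ip 192.168.3.0 255.255.254.0 192.168.0.0 255.255.254.0
"""

def parse(text):
    """Yield (site, acl_name, src, dst) with src/dst as (address, mask) strings."""
    for line in text.splitlines():
        site, _, name, _, _, s_ip, s_mask, d_ip, d_mask = line.split()
        yield site, name, (s_ip, s_mask), (d_ip, d_mask)

def normalize(pair):
    """Return (network the mask really selects, True if the address is its base)."""
    addr, mask = pair
    net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    return net, str(net.network_address) == addr

def misaligned(text):
    """Map each address/mask pair that is off its mask boundary to the real block."""
    found = {}
    for _site, _name, src, dst in parse(text):
        for pair in (src, dst):
            net, on_boundary = normalize(pair)
            if not on_boundary:
                found[" ".join(pair)] = str(net)
    return found

def tunnel_overlaps(text):
    """Local/remote pairs in the VPN ACLs that still overlap after translation."""
    bad = []
    for site, name, src, dst in parse(text):
        if name == "VPN":
            local, remote = normalize(src)[0], normalize(dst)[0]
            if local.overlaps(remote):
                bad.append((site, str(local), str(remote)))
    return bad

if __name__ == "__main__":
    for pair, net in misaligned(ACLS).items():
        print(f"{pair} is not on its mask boundary; the mask selects {net}")
    print("overlapping tunnel pairs:", tunnel_overlaps(ACLS) or "none")
```

Run against the posted lines, it reports that 192.168.3.0 with mask 255.255.254.0 is not on a /23 boundary (that mask selects 192.168.2.0/23, i.e. 192.168.2.0 through 192.168.3.255), and that no translated tunnel pair overlaps.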
