cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
666
Views
0
Helpful
3
Replies

Cisco ASA VPN with two remote overlapping networks

jschmied
Level 1
Level 1

We have a scenario with two VPN connected remote network (customers) each using the same LAN subnet.

Customer VPN1 = remote network 192.168.0.0/24

Customer VPN2 = remote network 192.168.0.0/24

Is there a way through the use of destination NAT or another NAT configuration to overcome this overlap? The customers cannot perform NAT on their side of the tunnel as their firewalls are not ASA (They are using Meraki) and do not support the NAT configuration.

 

Thanks!

Jamie

 

 

3 Replies 3

According to this KB article the Meraki does support NAT for overlapping VPN:

https://kb.meraki.com/knowledge_base/using-vpn-translation-with-overlapping-subnets

If they still can not NAT on their end then this will be difficult to do on the ASA if both remote site VPNs terminate on the same interface.

--

Please remember to select a correct and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

Thank you very much for the response. I relayed this information to our customer with the Meraki firewall. He said he can NAT on the tunnel, however, the translation is global. It translates this for all VPN's not just the one terminating to my ASA. He has several VPN's and the others cannot be changed. Is there a way to translate on a a specific VPN tunnel while not affecting (not NATing) the other VPN tunnels on the Meraki firewall.? Thanks again.

Jamie

I am not sure if it does support multiple VPN translations..or not.

Do both customer 1 and 2 not use an ASA or Cisco router? or do both use Meraki? If one of the customers has a device that supports translating VPN traffic, perhaps that customer would be willing to translate at their end?

--

Please remember to select a correct and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: