Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1029
Views
0
Helpful
2
Replies

IPSec tunnels between duplicate LAN Subnets

Go to solution
Stephen Sisson
Level 1
Level 1

‎11-22-2013 12:39 PM - edited ‎02-21-2020 07:20 PM

Hello everyone,

We need you help connecting three sites with our Central site having all the resources for the users including internet access.

All three sites will have the ASA 5505 as their WAN device.

We need to know is this possible, for configuring an IPsec Tunnel Between all three ASA's with Duplicate LAN Subnets.

Central Site two networks 192.168.1.x /24, 192.168.100.x /24

Remote One subnet 192.168.1.x /24

Remote Two one subnet 192.168.100.x /24

If above is possible we also need to do Hair pinging from Remote One, Remote Two to the Central Site for internet access, everything both sites need are located at the Central Site, including e-mail, network folders, other resource too.

We have no other way for doing this network, as all security is located at our Central Site, for Website filtering, Application filtering, all network traffic filtering.

We understand we can change both Remote sites to a different subnet from the Central Site but we have so many host devices this will take weeks or months to complete, along with changing the MS AD Domain for all end users, Servers too.

We really need your expertise for doing this in a lab then into production.

Thank you

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Dinesh Moudgil
Cisco Employee
Cisco Employee

‎11-25-2013 06:24 AM

Hi Stephen,

You can refer the following links to allow overlapping subnets to talk to each other:-

1. LAN-to-LAN IPsec VPN with Overlapping Networks

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b37d0b.shtml

2. IPsec Between Two IOS Routers with Overlapping Private Networks

http://www.cisco.com/en/US/products/ps5855/products_configuration_example09186a0080a0ece4.shtml

Important point is local network would have to communicate to remote network via translated addresses.

i.e. you won't be ablt to use actual IP's for the communication.

For haripinning  or U Turning :

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805734ae.shtml

Hope that helps.

Regards,

Dinesh Moudgil

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Dinesh Moudgil
Cisco Employee
Cisco Employee

‎11-25-2013 06:24 AM

Hi Stephen,

You can refer the following links to allow overlapping subnets to talk to each other:-

1. LAN-to-LAN IPsec VPN with Overlapping Networks

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b37d0b.shtml

2. IPsec Between Two IOS Routers with Overlapping Private Networks

http://www.cisco.com/en/US/products/ps5855/products_configuration_example09186a0080a0ece4.shtml

Important point is local network would have to communicate to remote network via translated addresses.

i.e. you won't be ablt to use actual IP's for the communication.

For haripinning  or U Turning :

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805734ae.shtml

Hope that helps.

Regards,

Dinesh Moudgil

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/
0 Helpful

Go to solution
Stephen Sisson
Level 1
Level 1
In response to Dinesh Moudgil

‎11-25-2013 07:34 AM

Thank you

0 Helpful
Customers Also Viewed These Support Documents