Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Bronze

IPSec VPN between ASAs with same subnet for Disaster Recovery

Hi,

I need some clarification from you guys.

We have to make disaster recovery site EasyVPN tunnels on Cisco 5505 ASA firewalls. Now there is only one main site and 3 remote sites.

For DR we have to use the same subnet as it is on the main site because the Vmware virtual machines will be replicated to DR.

For DR we are using Double Take software.

What is the best solution for this? I think that we could use Destination NAT on ASAs. The other sites (HQ and remote) will se only the NAT address of the

DR and not the real one which is the same as on the main site.

So guys, will this work? We are using IPSec VPN? In packet-tracer on ASA I see that the packet is first NATed and then encrypted, so it should work, yes?

I hope that somebody can confirm this.

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

IPSec VPN between ASAs with same subnet for Disaster Recovery

I can confirm it will definitely work,

for prior type natting refer 8.3:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b37d0b.shtml#diag

for 8.3 and later also this is achievable.

2 REPLIES
New Member

IPSec VPN between ASAs with same subnet for Disaster Recovery

I can confirm it will definitely work,

for prior type natting refer 8.3:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b37d0b.shtml#diag

for 8.3 and later also this is achievable.

Bronze

IPSec VPN between ASAs with same subnet for Disaster Recovery

Thank you for the confirmation.

We will test it soon and I hope that it will work as expected.

1283
Views
0
Helpful
2
Replies