IPSEC VPN Connections with overlapping remote site addresses
We have an ASA at our head office which terminates the IPSEC VPN connections from our ADSL connected remote offices.
We have the situation where some of our head office users require access to systems on a 3rd party site. We would like to simply set up an IPSEC VPN connection to this 3rd party site in a similar way as we do with our own remote offices.
The problem is, the internal private addressing used by the 3rd party overlaps with the private addressing used at some of our remote sites.
e.g. we have something like this:
Head Office subnet - 192.168.x.x
Remote Office 1 - 10.1.x.x
Remote Office 2 - 10.2.x.x
Remote Office 3 - 10.3..x.x
3rd Party Office - 10.x.x.x
It would only be the head office that would require connectivity with the 3rd party office. However, the head office also requires access to our similarly addressed remote offices. Is there any way we can achieve this connectivity without having to re-address the sites and without disrupting connectivity to the remote offices?
Re: IPSEC VPN Connections with overlapping remote site addresses
Andrew - thanks, could you expand on your suggestion some more?
Naman - thanks, I'm not sure exactly how to apply that to this particular situation though? (As the head office subnet doesn't actually overlap with the 3rd party subnet but its some of our remote sites that do - I don't want to disrupt connectivity from head office to the remote sites though)
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...