Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
511
Views
0
Helpful
2
Replies

L2L, VPN How to solve other 2 VPN sites are duplicate networks

masafumih.meta-bit
Level 1
Level 1

‎11-01-2010 03:19 AM

Situation:

I already conected L2L VPN to Client A, and I gonna connect new L2L VPN to Client B.

However both networks are duplicated and they already have other VPN connection to another so can't change network address by NAT.

Cisco Adaptive Security Appliance Software Version 8.2(3)
Device Manager Version 6.2(1)

Client A VPN WAN IP (Peer): A.B.C.D

192.168.20.0 netmask 255.255.255.0

Server A(need to connect from my side) : 192.168.20.5

Client B VPN WAN IP (Peer): E.F.G.H
192.168.20.0 netmask 255.255.255.0

Server A(need to connect from my side) :192.168.20.5

and  already VPN connection to both are established...

if I use...

#static (outside,inside) 10.10.1.5 192.168.20.5 netmask 255.255.255.255

Sorce IP are same so can't.

is it possible to Static NAT IP by VPN connection, like using "tunnel-group" ...??

or maybe...

I olny need to connect Server A & B so ...

change tcp port to connect from ... and Static NAT IP?

such as...

#static (outside,inside) tcp 192.168.20.5 45098 10.10.1.5 45098 netmask 255.255.255.255

#static (outside,inside) tcp 192.168.20.5 45099 10.10.1.6 45099 netmask 255.255.255.255

(however this setting does not work...)

Labels:
0 Helpful
2 Replies 2

Maykol Rojas
Cisco Employee
Cisco Employee

‎11-01-2010 06:07 AM

Hello,

Please take a look at the document below

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b37d0b.shtml

Hope it helps.

Mike

Mike
0 Helpful

masafumih.meta-bit
Level 1
Level 1
In response to Maykol Rojas

‎11-01-2010 05:37 PM

Thanks Mike!!

I already check this however I'm seeking if there othere solution...

because I only have old PIX(ver6.2) which can't configure Static NAT with access-list like

"static (inside,outside) 172.18.1.0  access-list policy-nat"

the other envirnment is Sonicwall so I trid to set up like this however failed.  So that I start to find other solution with PAT or smth...

do you think this is the only way?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents