cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4686
Views
0
Helpful
2
Replies

Overlapping Subnets on IPSec VPN between ASA and IOS Router

I currently have two networks, the primary site behind an ASA5505 and a new remote site behind an 2911 and I need to establish an IPSec site-to-site VPN from the remote site into my primary behind the ASA.  I have several remote sites built in this manner and getting a VPN stood up between the two sites isn't a difficult task for me.  This new site, however, is the first time I'm encountering overlapping IP space.  For simplification I'll just say that both sides are using 192.168.1.0/24.  The way I'd like to handle this is to take a non-conflicting /24 block and nat the remote side behind that range.  Initially I'll only need access to 1 server behind that /24 block so I'm also thinking I'd probably just want to set the server on the remote side to a good static local address then just nat a single IP from the non-conflicting /24 block.  Then when the 2nd server comes online get it statically set on the remote side and slap a new nat rule in place.

Any suggestions on where to go with this? 

Thanks!

2 Replies 2

Ashley Sahonta
Level 1
Level 1

I haven't configured this yet, however the following link makes sense:

http://roggyblog.blogspot.com/2009/10/pixasa-site-to-site-l2l-vpn-with_27.html

The configuration in that link allows you to configure a site to site VPN with overlapping subnets.

Jason Gervia
Cisco Employee
Cisco Employee
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: