02-03-2012 01:14 PM - edited 02-21-2020 05:51 PM
I currently have two networks, the primary site behind an ASA5505 and a new remote site behind a 2911, and I need to establish an IPSec site-to-site VPN from the remote site into my primary behind the ASA. I have several remote sites built in this manner and getting a VPN stood up between the two sites isn't a difficult task for me. This new site, however, is the first time I'm encountering overlapping IP space. For simplification I'll just say that both sides are using 192.168.1.0/24. The way I'd like to handle this is to take a non-conflicting /24 block and NAT the remote side behind that range. Initially I'll only need access to 1 server behind that /24 block, so I'm also thinking I'd probably just want to set the server on the remote side to a good static local address, then just NAT a single IP from the non-conflicting /24 block. Then when the 2nd server comes online, get it statically set on the remote side and slap a new NAT rule in place.
Any suggestions on where to go with this?
Thanks!
03-01-2012 06:30 AM
I haven't configured this yet; however, the following link makes sense:
http://roggyblog.blogspot.com/2009/10/pixasa-site-to-site-l2l-vpn-with_27.html
The configuration in that link allows you to configure a site to site VPN with overlapping subnets.
03-01-2012 06:42 AM
And the official Cisco links (though they don't combine a router and an ASA):
2 ASAs:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b37d0b.shtml
2 Routers:
http://www.cisco.com/en/US/products/ps5855/products_configuration_example09186a0080a0ece4.shtml
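An added example, not part of any post in this thread: a small Python model of the 1:1 translation described in the question, following a packet from a primary-site host to the remote server. The 10.98.1.0/24 and 10.99.1.0/24 blocks and the host addresses are constructed for illustration; the model shows that the server's reply only goes back through its gateway (and so the tunnel) when the primary side's source address is translated as well.

```python
import ipaddress

# Constructed addressing: both LANs use 192.168.1.0/24 as in the question.
# The two translated /24 blocks are assumptions chosen for this example.
LAN = ipaddress.ip_network("192.168.1.0/24")
REMOTE_XLATE = ipaddress.ip_network("10.99.1.0/24")   # remote LAN as seen from primary
PRIMARY_XLATE = ipaddress.ip_network("10.98.1.0/24")  # primary LAN as seen from remote


def map_host(addr, src_net, dst_net):
    """1:1 static mapping: keep the host bits, swap the network prefix."""
    addr = ipaddress.ip_address(addr)
    if addr not in src_net:
        return addr  # not covered by the NAT rule, left untouched
    offset = int(addr) - int(src_net.network_address)
    return dst_net.network_address + offset


def deliver(src, dst, nat_primary_side):
    """Follow a packet from a primary-site host to the remote server.

    Returns (src, dst) as the remote server sees them on its LAN."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if nat_primary_side:
        # Source translation at the primary gateway before encryption.
        src = map_host(src, LAN, PRIMARY_XLATE)
    # Destination is translated back to the real address at the remote gateway.
    dst = map_host(dst, REMOTE_XLATE, LAN)
    return src, dst


def reply_uses_gateway(seen_src):
    """Off-subnet replies go to the default gateway; on-subnet ones are
    resolved with ARP on the local segment and never reach the tunnel."""
    return ipaddress.ip_address(seen_src) not in LAN


if __name__ == "__main__":
    for both_sides in (False, True):
        s, d = deliver("192.168.1.50", "10.99.1.10", both_sides)
        print(f"NAT on both sides={both_sides}: server {d} sees source {s}, "
              f"reply via gateway={reply_uses_gateway(s)}")
```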