Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX 515e - Site2Site VPN with Duplicate IP address(s)

I need to create a site-2-site vpn with a new vendor. Both sites are using the 10.x.x.x network addressing scheme. The problem is that the IP address on our network (ex is already being used on the vendors network. They suggest that I translate my to something like for them.

How can I go about accomplishing this? My PIX is already configured for remote access VPN - not site-to-site as of yet.

Thanks for any pointers.


Re: PIX 515e - Site2Site VPN with Duplicate IP address(s)

You can use bi-directional translation to make the two private LANs with overlapping address space communicate over the IPSec tunnel. The configuration is as shown in the document at

New Member

Re: PIX 515e - Site2Site VPN with Duplicate IP address(s)

Well, I'm back on this since I have to go back to the overlapping address. All is currently working - now I just have to change the IP to one that is already being used.

I have looked at the article and it appears to show me what I need to do, however, I don't fully understand the comment in the config example that says

"Static translation defined Private_LAN1 from to

Note that this translation will be used for both VPN and Internet traffic from Private_LAN1. So a routable global IP address range, or an extra NAT at the ISP router (in front of the PIX), will be required if Private_LAN1 also needs internal access."

My internal address being translated definitely needs access to the internet and is also used by the remote VPN connections.

Can anyone help me see things a littler clearer??

CreatePlease login to create content