Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

site-site vpn- same internal network on both side of the tunnel

hi all,

I have the following questions regarding Site-Site VPN using ASA 5510 & 5505

Scenerio is

1. we have five branches & one head office

2. we want to establish vpn between branches & head office ( Site-Site VPN )

3. All the branches & head office are using the same internal network ( 192.168.150.0 255.255.255.0 )

My question is

how can I configure site-site VPN between branches & head office having same internal network ( 192.168.150.0/24)

please help me with configuration steps & explanation

I have experience on configuring site-site vpn between branches having differnet internal network ( eg: 192.168.1.0/24 & 192.168.2.0/24 )

Expecting your valuable reply

  • VPN
1 ACCEPTED SOLUTION
4 REPLIES
New Member

Re: site-site vpn- same internal network on both side of the tun

You need to do policy natting on all your sites. eg if you take an example of main ASA and one branch router then you have to change the network to

1) on main ASA 192.168.1.0/24

2) on branch ASA 192.168.2.0/24

this will be just for traffic traversing over VPN and not the internet.

EG: On Main ASA

1) make an access-list:

access-list polnat permit ip 192.168.150.0/24 192.168.2.0/24

static (inside,outside) 192.168.1.0 access-list polnat netmask 255.255.255.0

crypto access-list:

access-list cryptoacl permit ip 192.168.1.0/24 192.168.2.0/24

Similarly on branch ASA:

access-list polnat permit ip 192.168.150.0/24 192.168.1.0/24

static (inside,outside) 192.168.2.0 access-list polnat netmask 255.255.255.0

crypto acl:

access-list permit ip 192.168.2.0/24 192.168.1.0/24

Make sure you do not configure nat exempt.

New Member

Re: site-site vpn- same internal network on both side of the tun

Dear nitinaga,

thank u very much on ur valuable reply.

can u just give me some link so that I can understand & study policy natting in vpn & also understand the above scenario so that I can get a clear picture how it is working.

regards

dileep

New Member

Re: site-site vpn- same internal network on both side of the tun

thanks a lot

regards

317
Views
5
Helpful
4
Replies
This widget could not be displayed.