scrmcna
asked on
Create VPN with duplicate IP addresses on both sides of tunnel-NAT?
We run a Cisco ASA box. We currently have multiple VPN connections running on it. Now I have a request to set up a VPN with a client that has the same ip address scheme that we use. We use a 192.168.x.x for our point2point routers for our remote offices. The server at the new client uses a 192.168.1.6, which is one of our internal IP addresses. So when I try to ping the .6 address I'm getting my internal one, not the clients. On the other side is a SonicWall firewall. I'm guessing we need to set up some sort of NAT. I'm not sure how or what I need to do.
my server ASA SonicWall Client Server
172.22.2.x ----172.22.0.4----internet ------Not sure of IP-----192.168.1.6
my p2p router
192.168.1.6
my server ASA SonicWall Client Server
172.22.2.x ----172.22.0.4----internet
my p2p router
192.168.1.6
ASKER
This looks good, but i'm not sure why we need to create 2 different NAT Networks, the 10.x and the 20.x. Couldn't both ends create the 10.x?
ASKER
These new addresses that we'll be assigning, I'm assuming they have to be on our network per our router. For example, I currently do not have a 10.x network, so I'd have to add that network or could I use something in my 172 range because the remote network does not use that. Also, on the remote side, could they just NAT their IP address to a different address in the same subnet?
ASKER
I forgot this was open. Please close. They changed their IP addresses on the other side.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949f1.shtml
You should reference only the portion pertaining to the PIX configuration. This same setup should also work on your ASA.