VPN between two networks with same IP ranges?

Posted on 2007-07-31
Last Modified: 2012-06-21
I have two networks with the same private IP range ( behind PIX firewalls.
The PIX firewalls have IPSec VPN tunnels connecting them.
Changing the IP range is not possible (due to some political limitations).
Is it possible for these two networks to talk?

I'm imagining some sort of NAT function before the VPN tunnel (or before the PIX) to convert one network range from to and then changing the VPN ACLs to look for on the changed side.
Question by:RPPreacher
    LVL 4

    Expert Comment

    Yes NAT should definitely resolve your problem definitely.
    If any assistance required plz provide more details as in the whole network needs to be mapped thats many to 1(outgoing public ip; also use PAT in that case) or is 1 to 1 mapping required.

    LVL 20

    Author Comment

    Would I be able to do the NAT on the PIX (FOS 7.2.2) or would the NAT need to take place prior to the PIX outside interface?
    LVL 4

    Expert Comment

    I have never worked on PIX but i dont see any problem in PIX support for NAT.
    You can use the following link as of now,

    Will get back with more specific info soon..
    LVL 4

    Accepted Solution

    Following link should help as well in configuring NAT on PIX,
    Looks like a very good doc.

    If you are looking for a VPN tunnel NATing using PIX then following link should help you,

    Let me know.
    LVL 32

    Assisted Solution


    Follow the link and it is about overlap between PIX and 3000 Concentrator. Just looking at One PIX's configuration would be enough for you to figure out on the other side since I know you know :-)

    So basically we nat the whole network to another network range on PIX itself and terminate the tunnel on the translated address.


    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    Join & Write a Comment

    If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
    If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now