
Setup Lan to Lan VPN Tunnel when client networks / address space overlaps

Greetings

We have the following setup

Core Site:
Cisco 2620 as the LAN default gateway
Cisco VPN Concentrator 3005 for VPN Tunnels to our clients

Remote Client Sites:
Cisco Pix 506e Firewalls

The issue that we have is that our first two clients have overlapping address space and we need to do LAN-to-LAN tunnels.

Core Site Address Space is 192.168.100.0/24
Client Side Address Space - in this case we have two with 192.168.1.0/24

I have heard that it is possible to NAT the traffic on the Cisco Concentrator outbound to the sites so that we could have
10.10.10.0/24 point to 192.168.1.0/24
and
10.20.20.0/24 point to 192.168.1.0/24

Does anyone have configuration examples or information on how/where to do this on a Cisco VPN 3005? I know how to set up the routes on our router and I am fairly well versed on the concentrator.

Thanks!
Asked by: heliontech
lrmoore Commented:
I would have the remote PIX end do the nat before encryption.

Example:
Nat all traffic matching source 192.168.1.0 going to 10.10.10.0 to 192.168.122.0
Encrypt all traffic matching source 192.168.122.0 going to 10.10.10.0

access-list vpn_nat permit ip 192.168.1.0 255.255.255.0 10.10.10.0 255.255.255.0
static (inside,outside) 192.168.122.0 access-list vpn_nat
access-list vpn_to_3005 permit ip 192.168.122.0 255.255.255.0 10.10.10.0 255.255.255.0
crypto map vpnmap 20 match address vpn_to_3005

Concentrator sets 192.168.122.0 as the remote network in the network list

Next customer nats their 192.168.1.0 to 192.168.123.0 in the same manner.
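Added example (not part of the original answer, and not Cisco code): a short Python check of the addressing plan described above. It confirms that the two client LANs collide, that the mapped ranges are unambiguous from the core side, and shows which address the core uses to reach a given client host under the net-to-net static. The site names, function names and the host 192.168.1.57 are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data using the addresses from the thread.
CORE_LAN = "192.168.100.0/24"
REAL_LANS = {"customer_a": "192.168.1.0/24", "customer_b": "192.168.1.0/24"}
MAPPED_LANS = {"customer_a": "192.168.122.0/24", "customer_b": "192.168.123.0/24"}


def find_overlaps(networks):
    """Return sorted (name, name) pairs whose networks overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in networks.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def translate(addr, src_net, dst_net):
    """Net-to-net static NAT: keep the host bits, swap the network prefix."""
    src, dst = ipaddress.ip_network(src_net), ipaddress.ip_network(dst_net)
    ip = ipaddress.ip_address(addr)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("real and mapped networks must be the same size")
    if ip not in src:
        raise ValueError(f"{ip} is not inside {src}")
    offset = int(ip) - int(src.network_address)
    return str(dst.network_address + offset)


def plan_is_routable(core_lan, mapped_lans):
    """True when the core LAN and every mapped range are pairwise disjoint."""
    return not find_overlaps({"core": core_lan, **mapped_lans})


if __name__ == "__main__":
    print("real LAN overlaps:", find_overlaps(REAL_LANS))
    print("mapped plan routable:", plan_is_routable(CORE_LAN, MAPPED_LANS))
    for site in sorted(REAL_LANS):
        seen = translate("192.168.1.57", REAL_LANS[site], MAPPED_LANS[site])
        print(f"{site}: host 192.168.1.57 is reached from the core as {seen}")
```

Swapping the last two arguments of `translate` gives the reverse lookup, which is useful when matching a mapped address seen at the core site back to the real host at the client.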