Setup Lan to Lan VPN Tunnel when client networks / address space overlaps


We have the following setup

Core Site:
Cisco 2620 as the LAN default gateway
Cisco VPN Concentrator 3005 for VPN Tunnels to our clients

Remote Client Sites:
Cisco Pix 506e Firewalls

The issue is that we have is that we have our first two clients with overlapping address space and we need to do lan to lan tunnels.

Core Site Address Space is
Client Side Address Space - in this case we have two with

I have hear that is is possible to NAT the traffic on the Cisco Concentrator outbound to the sites so that we could have point to
and point to

Does anyone have configuration examples or information on how/where to do this on a Cisco VPN 3005? I know how to setup the routes on our router and I am fairly well versed on the concentrator.

Who is Participating?
lrmooreConnect With a Mentor Commented:
I would have the remote PIX end do the nat before encryption.

Nat all traffic matching source going to to
Encrypt all traffic matching source going to

access-list vpn_nat permit ip
static (inside,outside) netmask access-list vpn_nat
access-list vpn_to_3005 permit ip
crypto map vpnmap 20 match address vpn_to_3005

Concentrator sets as the remote network in the network list

Next customer nats their to in the same manner.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.