
Set up LAN-to-LAN VPN tunnel when client networks / address space overlap


We have the following setup

Core Site:
Cisco 2620 as the LAN default gateway
Cisco VPN Concentrator 3005 for VPN Tunnels to our clients

Remote Client Sites:
Cisco Pix 506e Firewalls

The issue is that we have our first two clients with overlapping address space and we need to do LAN-to-LAN tunnels.

Core Site Address Space is
Client Side Address Space - in this case we have two with

I have heard that it is possible to NAT the traffic on the Cisco Concentrator outbound to the sites so that we could have point to
and point to

Does anyone have configuration examples or information on how/where to do this on a Cisco VPN 3005? I know how to set up the routes on our router and I am fairly well versed on the concentrator.

1 Solution
I would have the remote PIX end do the NAT before encryption.

Nat all traffic matching source going to to
Encrypt all traffic matching source going to

access-list vpn_nat permit ip
static (inside,outside) netmask access-list vpn_nat
access-list vpn_to_3005 permit ip
crypto map vpnmap 20 match address vpn_to_3005

Concentrator sets as the remote network in the network list

Next customer NATs their to in the same manner.
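
The address plan behind the NAT-before-encryption approach in the answer above, as an added example that is not part of the original thread: each client LAN gets its own mapped subnet of the same size, so the concentrator sees one unique remote network per site. Every network, site name and function name below is a constructed assumption, not a value from the thread.

```python
import ipaddress

def build_nat_plan(core_net, client_lans, mapped_pool):
    """Return {site: (real_lan, mapped_lan)} with one unique mapped subnet per site.

    client_lans maps a site name to its real LAN; real LANs may overlap each other.
    mapped_pool is a block reserved for the translated (pre-encryption) addresses.
    """
    core = ipaddress.ip_network(core_net)
    pool = ipaddress.ip_network(mapped_pool)
    if pool.overlaps(core):
        raise ValueError("mapped pool overlaps the core LAN")
    plan, used = {}, []
    for site, cidr in sorted(client_lans.items()):
        real = ipaddress.ip_network(cidr)
        # Source NAT at the client cannot help if the client LAN collides
        # with the core LAN itself; flag that case instead of planning it.
        if real.overlaps(core):
            raise ValueError(f"{site}: real LAN overlaps the core LAN")
        # First free subnet of the same prefix length, so the static NAT is 1:1.
        mapped = next((c for c in pool.subnets(new_prefix=real.prefixlen)
                       if not any(c.overlaps(u) for u in used)), None)
        if mapped is None:
            raise ValueError(f"{site}: mapped pool exhausted")
        used.append(mapped)
        plan[site] = (real, mapped)
    return plan

def translate(addr, real, mapped):
    """Network static NAT: keep the host bits, swap the network bits."""
    ip = ipaddress.ip_address(addr)
    if ip not in real:
        raise ValueError(f"{ip} is not in {real}")
    return mapped.network_address + (int(ip) - int(real.network_address))

# Constructed sample input: two client sites using the same real LAN.
CORE = "10.0.0.0/24"
CLIENTS = {"site_a": "192.168.1.0/24", "site_b": "192.168.1.0/24"}
POOL = "172.16.0.0/16"

if __name__ == "__main__":
    for site, (real, mapped) in build_nat_plan(CORE, CLIENTS, POOL).items():
        host = translate("192.168.1.50", real, mapped)
        print(f"{site}: {real} -> {mapped}   192.168.1.50 appears as {host}")
```

The mapped subnet for each site is what goes in that site's NAT and crypto ACLs on the PIX and in the concentrator's remote network list.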
