Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

VPN on cisco ASA 5510 with multiple remote sites with same IP segment.

Posted on 2009-07-12
8
520 Views
Last Modified: 2012-05-07
We are going to have 10 remote sites connect to us for a L2L VPN to access data at our location. We have no control over the remote sites, and my guess is most will br 192.168.1.x IP range. How can we make this work?? Remember, I have no control over the remote sites, so any natting will have to be done on my side.
0
Comment
Question by:advizex_tech
  • 3
  • 2
8 Comments
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 24835644
HI,

It is a problem! In my opinion you not eble to do this via L2L, better way to use VPN server and remote sites computer connect with wpn client!

Best Regards,
Istvan
0
 

Author Comment

by:advizex_tech
ID: 24835779
That's not an option we can use.
0
 
LVL 7

Accepted Solution

by:
clonga13 earned 500 total points
ID: 24863664
You would need to configure NATing for overlapping networks. You would NAT their traffic to a specific IP or subnet on your end. Their networks wouldn't matter. Here is an example:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9950.shtml
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 24863736
Hi,

If you want to make an IPSEC tunnel you must add source and destinaton address, how can you say it to the router if the source and the destination address are same?
0
 
LVL 7

Assisted Solution

by:clonga13
clonga13 earned 500 total points
ID: 24863831
Because you would be NATing the addresses on your end. For example, if all of your sites use 192.168.1.0 as their subnet, you would NAT site A to 10.1.0.0, site B to 10.2.0.0, site C to 10.3.0.0 and use these new subnets to write the access lists for your crypto maps.
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 26163717
HI, Qlemo

Nobody added the that the asker want, so In this case In my opinion I would like to split with clonga13 the points....
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco ASA two factor VPN 3 60
Gateway Resilience 4 61
Static route question 6 51
Need to find Cloud based VPN / SD WAN / Central Authentication system 6 34
Do you have an old router lying around the house that you don’t know what to do with? Check the make and model, then refer to either of these links to see if its compatible. http://www.dd-wrt.com/site/support/router-database http://www.dd-wrt.c…
I've had to do a bit of research to setup my VPN connection so that Clients can access Windows Server 2008 network shares.  I have a Cisco ASA 5510 firewall.  I found an article which was extremely useful: It had a solution if you use ASDM to config…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question