VPN on cisco ASA 5510 with multiple remote sites with same IP segment.

We are going to have 10 remote sites connect to us for a L2L VPN to access data at our location. We have no control over the remote sites, and my guess is most will br 192.168.1.x IP range. How can we make this work?? Remember, I have no control over the remote sites, so any natting will have to be done on my side.
advizex_techAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Istvan KalmarHead of IT Security Division Commented:
HI,

It is a problem! In my opinion you not eble to do this via L2L, better way to use VPN server and remote sites computer connect with wpn client!

Best Regards,
Istvan
0
advizex_techAuthor Commented:
That's not an option we can use.
0
clonga13Commented:
You would need to configure NATing for overlapping networks. You would NAT their traffic to a specific IP or subnet on your end. Their networks wouldn't matter. Here is an example:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9950.shtml
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Webinar: What were the top threats in Q2 2018?

Every quarter, the WatchGuard Threat Lab releases an Internet Security Report that describes and analyzes the top threat trends impacting companies around the world. Are you ready to learn more about the top threats of Q2 2018? Register for our Sept. 26th webinar to learn more!

Istvan KalmarHead of IT Security Division Commented:
Hi,

If you want to make an IPSEC tunnel you must add source and destinaton address, how can you say it to the router if the source and the destination address are same?
0
clonga13Commented:
Because you would be NATing the addresses on your end. For example, if all of your sites use 192.168.1.0 as their subnet, you would NAT site A to 10.1.0.0, site B to 10.2.0.0, site C to 10.3.0.0 and use these new subnets to write the access lists for your crypto maps.
0
Istvan KalmarHead of IT Security Division Commented:
HI, Qlemo

Nobody added the that the asker want, so In this case In my opinion I would like to split with clonga13 the points....
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.