Cisco ASA Tunnel

Is it possible to use a Cisco ASA 5505 for the following:


172.18.112.0/18(inside)----> 10.1.1.1(outside)-->internet--->10.1.1.2(outside)---->172.18.112.0/18(inside)


We want to extend our current network to a new building for a seasonal warehouse, but I am wondering if I can have that same network over there or if I need a new network over there completely.

Thanks!
dbs0026 Asked:
 
Jimmy Larsson, CISSP, CEH, Network and Security consultant Commented:
"impossible" Oh no!

You need to do policy NAT of the traffic entering the VPN tunnel.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9950.shtml

/Kvistofta
0
 
Istvan Kalmar, Head of IT Security Division Commented:
No, it is impossible!

I advise using individual subnets, or use the first /19 address on SITE A and the second /19 address on SITE B.
0
 
dbs0026, Author Commented:
So you can't even set up a site-to-site VPN and use it in Transparent mode?
0

 
Istvan Kalmar, Head of IT Security Division Commented:
No, you are not able to use the same subnet for the local and remote address... If you want it, I advise using L2TPv3.
0
 
Jimmy Larsson, CISSP, CEH, Network and Security consultant Commented:
Of course, it is not the same network. You cannot do "bridging", but you can connect two networks with the same addressing by doing address translation.

/Kvistofta
0
 
dbs0026, Author Commented:
So by doing address translation, I can have 172.18.112.0/20 on both my LAN here in the office and on our LAN in the remote warehouse?

There will be a DSL connection for the "outside" interface to set the VPN tunnel up with.
0
 
Jimmy Larsson, CISSP, CEH, Network and Security consultant Commented:
Yes, but you need to "fool" the hosts on each side into thinking that the other side's IP addresses are something else.
0
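The address translation described in the comment above, modelled as an added Python example that is not part of any participant's post or of Cisco's configuration. The alias ranges 10.200.0.0/20 and 10.201.0.0/20 and all function names are assumptions; only 172.18.112.0/20 comes from the thread.

```python
import ipaddress

# From the thread: both sites use the same LAN range.
REAL = ipaddress.ip_network("172.18.112.0/20")
# Assumed alias ranges (not from the thread): how each site appears to the other.
ALIAS = {
    "A": ipaddress.ip_network("10.200.0.0/20"),
    "B": ipaddress.ip_network("10.201.0.0/20"),
}


def check_plan(real, alias):
    """Alias ranges must be the same size as the LAN and overlap nothing."""
    nets = [real, *alias.values()]
    for i, a in enumerate(nets):
        if a.prefixlen != real.prefixlen:
            raise ValueError(f"{a} is not the same size as {real}")
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"{a} overlaps {b}")


def net_map(addr, src_net, dst_net):
    """1:1 network translation: keep the host offset, swap the prefix."""
    addr = ipaddress.ip_address(addr)
    if addr not in src_net:
        raise ValueError(f"{addr} is outside {src_net}")
    return dst_net.network_address + (int(addr) - int(src_net.network_address))


def trace(src_site, src_host, dst_addr):
    """Return the (hop, src, dst) headers of a packet sent toward the other site."""
    check_plan(REAL, ALIAS)
    dst_site = "B" if src_site == "A" else "A"
    dst = ipaddress.ip_address(dst_addr)
    if dst not in ALIAS[dst_site]:
        # Policy does not match: Internet traffic is left to ordinary NAT, and a
        # destination inside REAL never reaches the firewall (the host treats it as local).
        return None
    src_alias = net_map(src_host, REAL, ALIAS[src_site])  # local firewall rewrites source
    dst_real = net_map(dst, ALIAS[dst_site], REAL)        # remote firewall rewrites destination
    return [
        (f"LAN {src_site}", str(ipaddress.ip_address(src_host)), str(dst)),
        ("tunnel", str(src_alias), str(dst)),
        (f"LAN {dst_site}", str(src_alias), str(dst_real)),
    ]


if __name__ == "__main__":
    for hop in trace("A", "172.18.112.25", "10.201.8.7"):
        print(hop)
```

Inside the tunnel only the alias ranges appear, so the traffic selectors for the VPN have to be written against the translated addresses, not 172.18.112.0/20.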
 
Istvan Kalmar, Head of IT Security Division Commented:
Do you have routers? Or only ASAs?
How much bandwidth?
0
 
dbs0026, Author Commented:
We only have ASAs for this project; I am sure I could come up with some older 2600s though. If I need to put a different subnet on the remote end, I can. My goal, though, was to keep it the same and just have the VPN tunnel in between. The traffic going between is minimal: Symbol RF scanning guns for product shipping.
0
 
Ernie Beek, Expert Commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
Question has a verified solution.
