Link to home
Start Free TrialLog in
Avatar of dbs0026
dbs0026

asked on

Cisco ASA Tunnel

Is it possible to use a Cisco ASA 5505 for the following:


172.18.112.0/18(inside)----> 10.1.1.1(outside)-->internet--->10.1.1.2(outside)---->172.18.112.0/18(inside)


We want to extend our current network to a new building for a seasonal warehouse, but I am wondering if I can have that same network over there or if I need a new network over there completely.

thanks!
Avatar of Istvan Kalmar
Istvan Kalmar
Flag of Hungary image
No, it is impossible!

I advise to use individual subnets, or use on SITE A the first /19 address and use the second /19 address on  SITE B
Avatar of dbs0026
dbs0026

ASKER

So you can't even setup a site to site vpn and use it in Transparent mode?
Avatar of Istvan Kalmar
Istvan Kalmar
Flag of Hungary image
No, you not able to use same subnet for local and remota address... If you want it I advise to use L2tpV3
ASKER CERTIFIED SOLUTION
Avatar of Jimmy Larsson, CISSP, CEH
Jimmy Larsson, CISSP, CEH
Flag of Sweden image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Jimmy Larsson, CISSP, CEH
Jimmy Larsson, CISSP, CEH
Flag of Sweden image
Of course, it is not the same network. You cannot do "bridging", but you can connect two networks with the same addressins by doing address translation.

/Kvistofta
Avatar of dbs0026
dbs0026

ASKER

So by doing address translation, I can have 172.18.112.0/20 on both my LAN here in the office and on our LAN in the remote warehouse?

There will be a DSL connection for the "outside" interface to set the vpn tunnel up with.
Avatar of Jimmy Larsson, CISSP, CEH
Jimmy Larsson, CISSP, CEH
Flag of Sweden image
Yes, but you need to "fool" the hosts on each side that the other sides ip adddresses are something else.
Avatar of Istvan Kalmar
Istvan Kalmar
Flag of Hungary image
Do you have routers? Or only ASAs?
 how many the bandwith?
Avatar of dbs0026
dbs0026

ASKER

We only have asa's for this project, I am sure I could come up with some older 2600's though. If I need to put a different subnet on the remote end, I can. My goal was to keep it though the same and just have the Vpn tunnel in between. The traffic going between is minimal, symbol rf scanning guns for product shipping.
Avatar of Ernie Beek
Ernie Beek
Flag of Netherlands image
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.