Solved

Cisco ASA Tunnel

Posted on 2010-08-20
Last Modified: 2012-06-21
Is it possible to use a Cisco ASA 5505 for the following:


172.18.112.0/18(inside)----> 10.1.1.1(outside)-->internet--->10.1.1.2(outside)---->172.18.112.0/18(inside)


We want to extend our current network to a new building for a seasonal warehouse, but I am wondering if I can have that same network over there or if I need a new network over there completely.

thanks!
0
Question by:dbs0026
11 Comments
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33485476
No, it is impossible!

I advise using individual subnets, or use the first /19 address on SITE A and the second /19 address on SITE B.
0
 

Author Comment

by:dbs0026
ID: 33485814
So you can't even set up a site-to-site VPN and use it in transparent mode?
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33485849
No, you are not able to use the same subnet for local and remote addresses... If you want that, I advise using L2TPv3.
0
 
LVL 17

Accepted Solution

by:
Kvistofta earned 500 total points
ID: 33486234
"impossible" Oh no!

You need to do policy NAT of the traffic entering the VPN tunnel.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00808c9950.shtml

/Kvistofta
0
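The policy NAT approach from the accepted answer, as an added configuration example that is not from any poster in this thread. Assumptions: ASA software earlier than 8.3 (static policy NAT syntax), the /20 mask mentioned later in the thread, constructed translated ranges 10.200.0.0/20 and 10.201.0.0/20, hypothetical ACL and crypto map names, and a placeholder pre-shared key.

```cisco
! Added example. Assumes ASA software earlier than 8.3 (static policy NAT).
! Both LANs really are 172.18.112.0/20. Constructed translated ranges:
!   office (Site A, outside 10.1.1.1)    is seen by the peer as 10.200.0.0/20
!   warehouse (Site B, outside 10.1.1.2) is seen by the peer as 10.201.0.0/20
! ACL, crypto map and transform-set names are hypothetical.

! ---------- Site A ----------
! Translate the local LAN only when the destination is Site B's translated range
access-list POLICY-NAT extended permit ip 172.18.112.0 255.255.240.0 10.201.0.0 255.255.240.0
static (inside,outside) 10.200.0.0 access-list POLICY-NAT

! NAT runs before encryption, so the crypto ACL matches translated addresses
access-list VPN-TRAFFIC extended permit ip 10.200.0.0 255.255.240.0 10.201.0.0 255.255.240.0

crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
crypto ipsec transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address VPN-TRAFFIC
crypto map OUTSIDE-MAP 10 set peer 10.1.1.2
crypto map OUTSIDE-MAP 10 set transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside
tunnel-group 10.1.1.2 type ipsec-l2l
tunnel-group 10.1.1.2 ipsec-attributes
 pre-shared-key <PLACEHOLDER-KEY>

! ---------- Site B: same crypto settings, mirrored addresses ----------
access-list POLICY-NAT extended permit ip 172.18.112.0 255.255.240.0 10.200.0.0 255.255.240.0
static (inside,outside) 10.201.0.0 access-list POLICY-NAT
access-list VPN-TRAFFIC extended permit ip 10.201.0.0 255.255.240.0 10.200.0.0 255.255.240.0
crypto map OUTSIDE-MAP 10 set peer 10.1.1.1
tunnel-group 10.1.1.1 type ipsec-l2l
tunnel-group 10.1.1.1 ipsec-attributes
 pre-shared-key <PLACEHOLDER-KEY>
```

The net-to-net static keeps the host offset, so an office host reaches warehouse host 172.18.112.50 by addressing 10.201.0.50, and the warehouse sees that connection as coming from a 10.200.0.0/20 address.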
 
LVL 17

Expert Comment

by:Kvistofta
ID: 33486251
Of course, it is not the same network. You cannot do "bridging", but you can connect two networks with the same addressing by doing address translation.

/Kvistofta
0
 

Author Comment

by:dbs0026
ID: 33486379
So by doing address translation, I can have 172.18.112.0/20 on both my LAN here in the office and on our LAN in the remote warehouse?

There will be a DSL connection for the "outside" interface to set the VPN tunnel up with.
0
 
LVL 17

Expert Comment

by:Kvistofta
ID: 33486388
Yes, but you need to "fool" the hosts on each side into thinking that the other side's IP addresses are something else.
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33486440
Do you have routers? Or only ASAs?
How much bandwidth?
0
 

Author Comment

by:dbs0026
ID: 33486559
We only have ASAs for this project; I am sure I could come up with some older 2600s, though. If I need to put a different subnet on the remote end, I can. My goal, though, was to keep it the same and just have the VPN tunnel in between. The traffic going between is minimal: Symbol RF scanning guns for product shipping.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36960713
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
