Solved

Cisco ASA Site to Site - same subnet on both sides

Posted on 2011-03-03
4
1,627 Views
Last Modified: 2012-06-21
Hi Everyone,
I am building a site to site with a customer who has my same internal subnet. My local subnet is 192.168.10.0/24 and so is his. I would like to nat my Internal subnet to something like 172.16.1.10.
In other words, I want to nat my internal network (192.168.10.0) to 172.16.1.10 and present this adress to the remote network.

I rather make the changes using the ASDM. Please let me know if you need more information.

Thank you,
0
Comment
Question by:hectorruiz
4 Comments
 
LVL 33

Accepted Solution

by:
MikeKane earned 250 total points
ID: 35032240
This can be done and cisco has a HOW TO right here:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949f1.shtml

Follow that example and you'll be good to go.
0
 
LVL 6

Assisted Solution

by:alienXeno
alienXeno earned 250 total points
ID: 35034054

You just need to use Policy-NAT on both ends (since you're using cisco firewalls on both ends this is no problem at all).
Basically you translate the LANs on both ends to a different subnet so that there's no overlapping problem and the interesting traffic is between the NATed subnets.

Let's assume this example:

Site A:
10.1.1.0/24 --> NAT to 192.168.1.0/24

Site B:
10.1.1.0/24 --> NAT to 192.168.2.0/24


https://supportforums.cisco.com/message/3241751
https://supportforums.cisco.com/message/3018989

On Site A:
access-list nat permit ip 10.1.1.0 255.255.255.0 192.168.2.0 255.255.255.0
static (inside,outside) 192.168.1.0 access-list nat
access-list vpn permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

On Site B:
access-list nat permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
static (inside,outside) 192.168.2.0 access-list nat
access-list vpn permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0


0
 
LVL 68

Expert Comment

by:Qlemo
ID: 35304397
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now