Solved

Cisco ASA Site to Site - same subnet on both sides

Posted on 2011-03-03
4
1,685 Views
Last Modified: 2012-06-21
Hi Everyone,
I am building a site to site with a customer who has my same internal subnet. My local subnet is 192.168.10.0/24 and so is his. I would like to nat my Internal subnet to something like 172.16.1.10.
In other words, I want to nat my internal network (192.168.10.0) to 172.16.1.10 and present this adress to the remote network.

I rather make the changes using the ASDM. Please let me know if you need more information.

Thank you,
0
Comment
Question by:hectorruiz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 33

Accepted Solution

by:
MikeKane earned 250 total points
ID: 35032240
This can be done and cisco has a HOW TO right here:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949f1.shtml

Follow that example and you'll be good to go.
0
 
LVL 6

Assisted Solution

by:alienXeno
alienXeno earned 250 total points
ID: 35034054

You just need to use Policy-NAT on both ends (since you're using cisco firewalls on both ends this is no problem at all).
Basically you translate the LANs on both ends to a different subnet so that there's no overlapping problem and the interesting traffic is between the NATed subnets.

Let's assume this example:

Site A:
10.1.1.0/24 --> NAT to 192.168.1.0/24

Site B:
10.1.1.0/24 --> NAT to 192.168.2.0/24


https://supportforums.cisco.com/message/3241751
https://supportforums.cisco.com/message/3018989

On Site A:
access-list nat permit ip 10.1.1.0 255.255.255.0 192.168.2.0 255.255.255.0
static (inside,outside) 192.168.1.0 access-list nat
access-list vpn permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

On Site B:
access-list nat permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
static (inside,outside) 192.168.2.0 access-list nat
access-list vpn permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0


0
 
LVL 70

Expert Comment

by:Qlemo
ID: 35304397
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses
Course of the Month11 days, 18 hours left to enroll

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question