Solved

Cisco ASA Site to Site - same subnet on both sides

Posted on 2011-03-03
4
1,650 Views
Last Modified: 2012-06-21
Hi Everyone,
I am building a site to site with a customer who has my same internal subnet. My local subnet is 192.168.10.0/24 and so is his. I would like to nat my Internal subnet to something like 172.16.1.10.
In other words, I want to nat my internal network (192.168.10.0) to 172.16.1.10 and present this adress to the remote network.

I rather make the changes using the ASDM. Please let me know if you need more information.

Thank you,
0
Comment
Question by:hectorruiz
4 Comments
 
LVL 33

Accepted Solution

by:
MikeKane earned 250 total points
ID: 35032240
This can be done and cisco has a HOW TO right here:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949f1.shtml

Follow that example and you'll be good to go.
0
 
LVL 6

Assisted Solution

by:alienXeno
alienXeno earned 250 total points
ID: 35034054

You just need to use Policy-NAT on both ends (since you're using cisco firewalls on both ends this is no problem at all).
Basically you translate the LANs on both ends to a different subnet so that there's no overlapping problem and the interesting traffic is between the NATed subnets.

Let's assume this example:

Site A:
10.1.1.0/24 --> NAT to 192.168.1.0/24

Site B:
10.1.1.0/24 --> NAT to 192.168.2.0/24


https://supportforums.cisco.com/message/3241751
https://supportforums.cisco.com/message/3018989

On Site A:
access-list nat permit ip 10.1.1.0 255.255.255.0 192.168.2.0 255.255.255.0
static (inside,outside) 192.168.1.0 access-list nat
access-list vpn permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

On Site B:
access-list nat permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
static (inside,outside) 192.168.2.0 access-list nat
access-list vpn permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0


0
 
LVL 69

Expert Comment

by:Qlemo
ID: 35304397
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question