Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cisco ASA Site to Site - same subnet on both sides

Posted on 2011-03-03
4
Medium Priority
?
1,701 Views
Last Modified: 2012-06-21
Hi Everyone,
I am building a site to site with a customer who has my same internal subnet. My local subnet is 192.168.10.0/24 and so is his. I would like to nat my Internal subnet to something like 172.16.1.10.
In other words, I want to nat my internal network (192.168.10.0) to 172.16.1.10 and present this adress to the remote network.

I rather make the changes using the ASDM. Please let me know if you need more information.

Thank you,
0
Comment
Question by:hectorruiz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 33

Accepted Solution

by:
MikeKane earned 1000 total points
ID: 35032240
This can be done and cisco has a HOW TO right here:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949f1.shtml

Follow that example and you'll be good to go.
0
 
LVL 6

Assisted Solution

by:alienXeno
alienXeno earned 1000 total points
ID: 35034054

You just need to use Policy-NAT on both ends (since you're using cisco firewalls on both ends this is no problem at all).
Basically you translate the LANs on both ends to a different subnet so that there's no overlapping problem and the interesting traffic is between the NATed subnets.

Let's assume this example:

Site A:
10.1.1.0/24 --> NAT to 192.168.1.0/24

Site B:
10.1.1.0/24 --> NAT to 192.168.2.0/24


https://supportforums.cisco.com/message/3241751
https://supportforums.cisco.com/message/3018989

On Site A:
access-list nat permit ip 10.1.1.0 255.255.255.0 192.168.2.0 255.255.255.0
static (inside,outside) 192.168.1.0 access-list nat
access-list vpn permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

On Site B:
access-list nat permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
static (inside,outside) 192.168.2.0 access-list nat
access-list vpn permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0


0
 
LVL 71

Expert Comment

by:Qlemo
ID: 35304397
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question