Solved

Need to create a VPN to a Fake Network

Posted on 2013-06-22
Last Modified: 2013-06-25
I have a Cisco ASA 5520 and I need to establish a VPN to a 3rd party.  Our subnets overlap, so I need to have the VPN come into a fake network that I will NAT all the other networks through to get to them.
Inside network: 192.168.1.0/24
Remote network: 192.168.10.0/24
So I need to create a fake network on my side, i.e. 192.168.50.0/24, that the VPN will list in the tunnel.  Then I need to NAT all my internal traffic through to that fake network, so it will go over the VPN.  How do I set that up?
Question by:digital0g1c

Expert Comment

by:Jan Springer
ID: 39268418
Why aren't you just using the public IPs through the tunnel?

That way, your inside IPs NAT first and then get encrypted through the VPN.

Author Comment

by:digital0g1c
ID: 39268428
How would you make that work?

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 39268438
Two steps:

1) Don't create a NAT exemption between the inside networks.

2) Specify your public subnet to their private subnet (the encryption domain) in the VPN peer access-list.  Let your peer know to use your public IPs at their end since the encryption domains need to be an inverse match.

Author Comment

by:digital0g1c
ID: 39268448
That makes perfect sense.  Tunnel vision!  No pun intended...  Thanks!

Expert Comment

by:Cyclops3590
ID: 39274820
btw, you could use the internal IPs and do NAT exemption as well, but it requires that you tell the other side to use a fake network as well.  It's considered a policy NAT or twice NAT type of configuration.  It's ugly but it works and is sadly more common than you might think for the exact problem you're facing.

Cisco Doc Example:  http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b37d0b.shtml
0
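
An added example, not part of the original thread or any poster's code: a small Python check of the point in the accepted answer that the two peers' encryption domains must be inverse matches and must name the post-NAT source rather than the real inside network. The ACL names and sample lines are constructed, the networks are the ones from the question, and only the plain `permit ip <net> <mask> <net> <mask>` ACL form is parsed.

```python
import ipaddress
import re

# Only the "permit ip <net> <mask> <net> <mask>" form is parsed; "host", "any"
# and object-group entries are outside this sketch.
ACL_RE = re.compile(
    r"access-list\s+\S+\s+extended\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")

def parse_crypto_acl(text):
    """Return the set of (source, destination) networks in a crypto ACL."""
    pairs = set()
    for match in ACL_RE.finditer(text):
        src_ip, src_mask, dst_ip, dst_mask = match.groups()
        pairs.add((ipaddress.ip_network(f"{src_ip}/{src_mask}"),
                   ipaddress.ip_network(f"{dst_ip}/{dst_mask}")))
    return pairs

def check_tunnel(local_acl, peer_acl, real_inside):
    """List mismatches between two crypto ACLs; an empty list means they agree."""
    local, peer = parse_crypto_acl(local_acl), parse_crypto_acl(peer_acl)
    mirrored = {(dst, src) for src, dst in peer}  # peer's entries seen from our side
    problems = []
    for src, dst in sorted(local - mirrored, key=str):
        problems.append(f"peer has no mirror of {src} -> {dst}")
    for src, dst in sorted(mirrored - local, key=str):
        problems.append(f"peer expects {src} -> {dst}, not in local ACL")
    for src, dst in sorted(local, key=str):
        # NAT runs before encryption, so the ACL must name the translated source.
        if any(src.overlaps(net) for net in real_inside):
            problems.append(f"{src} is a real inside network, not the NATed one")
        if src.overlaps(dst):
            problems.append(f"{src} overlaps remote {dst}")
    return problems

# Constructed sample ACLs using the networks from the question; ACL names are made up.
INSIDE = [ipaddress.ip_network("192.168.1.0/24")]
LOCAL = ("access-list VPN-PARTNER extended permit ip "
         "192.168.50.0 255.255.255.0 192.168.10.0 255.255.255.0")
PEER_OK = ("access-list VPN-CUST extended permit ip "
           "192.168.10.0 255.255.255.0 192.168.50.0 255.255.255.0")
PEER_STALE = ("access-list VPN-CUST extended permit ip "
              "192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0")

if __name__ == "__main__":
    for name, peer in (("matching peer", PEER_OK), ("stale peer", PEER_STALE)):
        print(name, check_tunnel(LOCAL, peer, INSIDE) or "OK")
```
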
