Solved

Need to create a VPN to a Fake Network

Posted on 2013-06-22
5
665 Views
Last Modified: 2013-06-25
I have a Cisco ASA 5520 and I need to estabilish a VPN to a 3rd party.  Our subnets overlap, so I need to have the VPN come into a fake network that I will NAT all the other networks through to get to them.
Insite network:192.168.1.0/24
Remote network:192.168.10.0/24
So I need to creat a fake network on my side, ie 192.168.50.0/24 that the VPN will list in the tunnel.  Then I need to NAT all my internal traffic through to that fake network, so it will go over the VPN.   How do I set that up?
0
Comment
Question by:digital0g1c
  • 2
  • 2
5 Comments
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39268418
Why aren't you just using the public IPs through the tunnel?

That way, your inside IPs NAT first and then get encrypted through the VPN.
0
 
LVL 1

Author Comment

by:digital0g1c
ID: 39268428
how would you make that work?
0
 
LVL 28

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 39268438
Two steps:

1) don't create a NAT exemption between the inside networks.

2) specify your public subnet to their private subnet (the encryption domain) in the VPN peer access-list.  let your peer know to use your public IPs at their end since the encryption domains need to be an inverse match.
0
 
LVL 1

Author Comment

by:digital0g1c
ID: 39268448
That makes perfect sense.  Tunnel vision!  no pun intended...   Thanks!
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 39274820
btw, you could use the internal IPs and do NAT exemption as well, but it requires that you tell the other side to use a fake network as well.  It's considered a policy NAT or twice NAT type of configuration.  It's ugly but it works and is sadly more common than you might think for the exact problem you're facing.

Cisco Doc Example:  http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b37d0b.shtml
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
anyconnect password change 2 31
Office 365 vs. In-House 4 80
Cisco universal IOS upgrade from ipbase to ipservices 4 62
Some help with Network Design 4 23
Overview The Cisco PIX 501, PIX 506e, ASA 5505 and ASA 5510 (most if not all of this information will be relevant to the PIX 515e but I do not have a working configuration handy to verify the validity) are primarily used within small to medium busi…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now