Solved

Need to create a VPN to a Fake Network

Posted on 2013-06-22
5
666 Views
Last Modified: 2013-06-25
I have a Cisco ASA 5520 and I need to estabilish a VPN to a 3rd party.  Our subnets overlap, so I need to have the VPN come into a fake network that I will NAT all the other networks through to get to them.
Insite network:192.168.1.0/24
Remote network:192.168.10.0/24
So I need to creat a fake network on my side, ie 192.168.50.0/24 that the VPN will list in the tunnel.  Then I need to NAT all my internal traffic through to that fake network, so it will go over the VPN.   How do I set that up?
0
Comment
Question by:digital0g1c
  • 2
  • 2
5 Comments
 
LVL 28

Expert Comment

by:Jan Springer
ID: 39268418
Why aren't you just using the public IPs through the tunnel?

That way, your inside IPs NAT first and then get encrypted through the VPN.
0
 
LVL 1

Author Comment

by:digital0g1c
ID: 39268428
how would you make that work?
0
 
LVL 28

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 39268438
Two steps:

1) don't create a NAT exemption between the inside networks.

2) specify your public subnet to their private subnet (the encryption domain) in the VPN peer access-list.  let your peer know to use your public IPs at their end since the encryption domains need to be an inverse match.
0
 
LVL 1

Author Comment

by:digital0g1c
ID: 39268448
That makes perfect sense.  Tunnel vision!  no pun intended...   Thanks!
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 39274820
btw, you could use the internal IPs and do NAT exemption as well, but it requires that you tell the other side to use a fake network as well.  It's considered a policy NAT or twice NAT type of configuration.  It's ugly but it works and is sadly more common than you might think for the exact problem you're facing.

Cisco Doc Example:  http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b37d0b.shtml
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Lync - CUCM Integration Question 2 28
Palo Alto Networks: Packet Trace Simulator? 2 45
Cannot Delete Sonicwall VPN policy 5 41
Configuring VPN in server 2012 5 18
If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question