Double NAT/Twice NAT VPN Setup

Please help with configuration of a Double NAT VPN


Diagram of the VPN Network
Client A has a Site to Site VPN to Client B
Client A will soon have a VLAN in its network to Client C
Client A and C have the same Subnet, and changing them is non optional. (192.168.0.0/24)

I need to reconfigure the VPN so that there is no longer a conflict.

Client A will send traffic to new remote network 10.255.255.0/24
Client B will NAT traffic from 10.255.255.0/24 to 192.168.0.0/24 and vice versa on its way back to Client A

Client B is running Cisco ASA 8.2
Client A is running a Sonicwall TZ210 (or similar)

I need assistance with configurations for the Cisco ASA... I speculate the Sonicwall will just update the remote network details for IPSec.
Graycon Asked:

Daniel Helgenberger Commented:
Hello,
please have a look at this recent (ongoing) thread:
http://www.experts-exchange.com/Hardware/Networking_Hardware/Firewalls/Q_28253197.html#a39554501

Exactly the same. The consensus so far is not to use the quite complicated dual FW setup any more but one next gen firewall.

But your question is answered here:
http://www.experts-exchange.com/Hardware/Networking_Hardware/Firewalls/Q_28253197.html#a39535804
0
Jan Springer Commented:
When connecting two internal networks on the same subnet via a VPN, perform NAT through the VPN tunnel so that the conversation between the two networks is: public network to private network.
0
Qlemo, Batchelor, Developer and EE Topic Advisor, Commented:
The SonicWall just needs to NAT 10.255.255.0/24 to 192.168.0.0/24, forcing it into the VPN tunnel. The answers come back from 192.168.0.0/24, and are translated to 10.255.255.0/24 again if arriving via the tunnel.
Packets from/to 192.168.0.0 on A/C network will not get translated.

That way, nothing has to be done on the ASA side, only SonicWall needs to perform destination NAT.
0
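A small model of the translation described in the comment above, added here as an example and not taken from the thread or from any vendor configuration. The `Packet` type, the function names, the egress labels (`vpn`, `lan`, `wan`) and the sample host addresses are assumptions made for illustration; only the two /24 ranges come from the question.

```python
import ipaddress
from dataclasses import dataclass, replace

ALIAS = ipaddress.ip_network("10.255.255.0/24")  # range used to address the remote side
REAL = ipaddress.ip_network("192.168.0.0/24")    # real remote subnet (overlaps the local LAN)

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

def plan_is_sane():
    """The alias range must not overlap the real one and must be the same size."""
    return not ALIAS.overlaps(REAL) and ALIAS.prefixlen == REAL.prefixlen

def remap(addr, from_net, to_net):
    """1:1 mapping: move addr from from_net to to_net, keeping the host bits."""
    if from_net.prefixlen != to_net.prefixlen:
        raise ValueError("1:1 NAT needs equal prefix lengths")
    ip = ipaddress.ip_address(addr)
    if ip not in from_net:
        raise ValueError(f"{addr} is not in {from_net}")
    offset = int(ip) - int(from_net.network_address)
    return str(to_net.network_address + offset)

def outbound(pkt):
    """Packet sent by a local host. Returns (egress, packet after NAT)."""
    dst = ipaddress.ip_address(pkt.dst)
    if dst in ALIAS:   # destination NAT, then into the tunnel
        return "vpn", replace(pkt, dst=remap(pkt.dst, ALIAS, REAL))
    if dst in REAL:    # genuinely local traffic stays untranslated
        return "lan", pkt
    return "wan", pkt

def inbound(pkt, ingress):
    """Packet arriving at the firewall; only tunnel traffic is mapped back."""
    if ingress == "vpn" and ipaddress.ip_address(pkt.src) in REAL:
        return replace(pkt, src=remap(pkt.src, REAL, ALIAS))
    return pkt

if __name__ == "__main__":
    # Constructed sample flow: local host .10 talks to remote host .25 via its alias.
    print(outbound(Packet("192.168.0.10", "10.255.255.25")))
    print(inbound(Packet("192.168.0.25", "192.168.0.10"), "vpn"))
```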
fgasimzade Commented:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b37d0b.shtml

Here is a guide for VPN with overlapping networks. But you would need to configure NAT on the Sonicwall as well.
0

Blue Street Tech, Last Knight, Commented:
Any update on this?
0