Solved

Site-Site VPN between Overlapping Networks

Posted on 2014-04-01
4
364 Views
Last Modified: 2014-04-09
Hi,

Pls go through the scenario :


                 Home
                      |
ASA 1 ---- Interent ------ASA2
  |                                            |
192.168.1.0/24                192.168.1.0/24
   |
192.168.1.10/24

from the scenario :

U might have understood that we need a Site-Site VPN tunnel between Same Networks.
i.e 192.168.1.0/24 to 192.168.1.10 server but the server is public NATTed as well with
115.11.226.X.


I have gone through few cisco doc's and found the configuration for POLICY-NAT.

When i di Policy -NAT as the server is Static-Natted , it has taken precedence.

What is the solution on such conditions?

Regards
ramk
0
Comment
Question by:RAMU CH
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 6

Accepted Solution

by:
gcl_hk earned 500 total points
ID: 39971073
you should NAT the source on ASA2 for site to site vpn traffic (let's say NAT to 192.168.100.0/24) and create an exempt NAT on ASA1 for traffic 192.168.1.0-10 to 192.168.100.0/24. The exempt NAT rule have a higher priority than static NAT
0
 
LVL 1

Author Comment

by:RAMU CH
ID: 39971442
In that case what would be the ACL on ASA2 because you are not natting ASA-1 end
traffic i.e 192.168.1.0 ,

As per your configuration above , ASA-2 will see 192.168.1.0 Network but ASA-2 Lans also
with 192.168.1.0

Pls advice
0
 
LVL 28

Expert Comment

by:asavener
ID: 39976044
Create a secondary address on the server, make sure that only that address shows up in your internal DNS.
0
 
LVL 1

Author Closing Comment

by:RAMU CH
ID: 39988123
Thanks
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco ASA 5512 LAN Config 16 130
eigrp in site-to-site vpn 4 95
Palo Alto Networks: Can you limit traffic to a specific URL 2 30
Cisco ASA 5510 Question 2 28
We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question