Solved

Site-Site VPN between Overlapping Networks

Posted on 2014-04-01
Last Modified: 2014-04-09
Hi,

Please go through the scenario:


                 Home
                      |
ASA 1 ---- Internet ------ ASA2
  |                          |
192.168.1.0/24          192.168.1.0/24
  |
192.168.1.10/24

From the scenario:

You might have understood that we need a Site-Site VPN tunnel between the same networks, i.e. 192.168.1.0/24 to the 192.168.1.10 server, but the server is public NATted as well with 115.11.226.X.


I have gone through a few Cisco docs and found the configuration for policy NAT.

When I did policy NAT, as the server is static-NATted, it has taken precedence.

What is the solution in such conditions?

Regards
ramk
Question by:RAMU CH
Accepted Solution

by: gcl_hk earned 500 total points
You should NAT the source on ASA2 for site-to-site VPN traffic (let's say NAT to 192.168.100.0/24) and create an exempt NAT on ASA1 for traffic 192.168.1.0-10 to 192.168.100.0/24. The exempt NAT rule has a higher priority than static NAT.
Author Comment

by:RAMU CH
In that case, what would be the ACL on ASA2, because you are not NATting the ASA-1 end traffic, i.e. 192.168.1.0?

As per your configuration above, ASA-2 will see the 192.168.1.0 network, but ASA-2's LAN is also 192.168.1.0.

Please advise.
Expert Comment

by:asavener
Create a secondary address on the server, make sure that only that address shows up in your internal DNS.
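
An added example, not part of any post in this thread, that models the address handling discussed above: ASA2's 1:1 source NAT to 192.168.100.0/24, the ASA1 rule order the accepted answer describes, and the on-link problem raised in the follow-up comment. The function names, the host 192.168.1.50, the outside address 203.0.113.5 and the server address 192.168.50.10 are constructed for illustration.

```python
import ipaddress as ip

# Addresses taken from the thread.
LAN = ip.ip_network("192.168.1.0/24")            # used at both sites
ASA2_MAPPED = ip.ip_network("192.168.100.0/24")  # ASA2 source-NAT range
SERVER = ip.ip_address("192.168.1.10")
# Constructed value: a non-overlapping address for the server, standing in
# for the secondary address suggested in the thread (none is given there).
SERVER_ALT = ip.ip_address("192.168.50.10")

def sent_to_gateway(dst, local_net=LAN):
    """False when dst looks on-link: the host ARPs for it locally and the
    packet never reaches the firewall, so it cannot enter the tunnel."""
    return ip.ip_address(dst) not in local_net

def asa2_source_nat(src):
    """1:1 network NAT on ASA2: keep the host bits, swap the network bits."""
    src = ip.ip_address(src)
    if src not in LAN:
        raise ValueError(f"{src} is not on ASA2's LAN {LAN}")
    offset = int(src) - int(LAN.network_address)
    return ASA2_MAPPED.network_address + offset

def asa1_nat(src, dst):
    """ASA1 rule order as the accepted answer states it: the exempt rule
    is evaluated before the server's static (public) NAT."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    if src in LAN and dst in ASA2_MAPPED:
        return "exempt"   # real address kept, packet goes into the tunnel
    if src == SERVER:
        return "static"   # translated to the public 115.11.226.X address
    return "none"

if __name__ == "__main__":
    host = "192.168.1.50"   # constructed host on ASA2's LAN
    mapped = asa2_source_nat(host)
    print("to 192.168.1.10 leaves the LAN:", sent_to_gateway(SERVER))
    print("to 192.168.50.10 leaves the LAN:", sent_to_gateway(SERVER_ALT))
    print("ASA1 sees the ASA2 host as:", mapped)
    print("server reply to VPN peer:", asa1_nat(SERVER, mapped))
    print("server reply to Internet:", asa1_nat(SERVER, "203.0.113.5"))
```
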
Author Closing Comment

by:RAMU CH
Thanks