[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Site-Site VPN between Overlapping Networks

Posted on 2014-04-01
4
Medium Priority
?
380 Views
Last Modified: 2014-04-09
Hi,

Pls go through the scenario :


                 Home
                      |
ASA 1 ---- Interent ------ASA2
  |                                            |
192.168.1.0/24                192.168.1.0/24
   |
192.168.1.10/24

from the scenario :

U might have understood that we need a Site-Site VPN tunnel between Same Networks.
i.e 192.168.1.0/24 to 192.168.1.10 server but the server is public NATTed as well with
115.11.226.X.


I have gone through few cisco doc's and found the configuration for POLICY-NAT.

When i di Policy -NAT as the server is Static-Natted , it has taken precedence.

What is the solution on such conditions?

Regards
ramk
0
Comment
Question by:RAMU CH
  • 2
4 Comments
 
LVL 6

Accepted Solution

by:
gcl_hk earned 1500 total points
ID: 39971073
you should NAT the source on ASA2 for site to site vpn traffic (let's say NAT to 192.168.100.0/24) and create an exempt NAT on ASA1 for traffic 192.168.1.0-10 to 192.168.100.0/24. The exempt NAT rule have a higher priority than static NAT
0
 
LVL 1

Author Comment

by:RAMU CH
ID: 39971442
In that case what would be the ACL on ASA2 because you are not natting ASA-1 end
traffic i.e 192.168.1.0 ,

As per your configuration above , ASA-2 will see 192.168.1.0 Network but ASA-2 Lans also
with 192.168.1.0

Pls advice
0
 
LVL 28

Expert Comment

by:asavener
ID: 39976044
Create a secondary address on the server, make sure that only that address shows up in your internal DNS.
0
 
LVL 1

Author Closing Comment

by:RAMU CH
ID: 39988123
Thanks
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question