Solved

Site-Site VPN between Overlapping Networks

Posted on 2014-04-01
4
360 Views
Last Modified: 2014-04-09
Hi,

Pls go through the scenario :


                 Home
                      |
ASA 1 ---- Interent ------ASA2
  |                                            |
192.168.1.0/24                192.168.1.0/24
   |
192.168.1.10/24

from the scenario :

U might have understood that we need a Site-Site VPN tunnel between Same Networks.
i.e 192.168.1.0/24 to 192.168.1.10 server but the server is public NATTed as well with
115.11.226.X.


I have gone through few cisco doc's and found the configuration for POLICY-NAT.

When i di Policy -NAT as the server is Static-Natted , it has taken precedence.

What is the solution on such conditions?

Regards
ramk
0
Comment
Question by:RAMU CH
  • 2
4 Comments
 
LVL 6

Accepted Solution

by:
gcl_hk earned 500 total points
ID: 39971073
you should NAT the source on ASA2 for site to site vpn traffic (let's say NAT to 192.168.100.0/24) and create an exempt NAT on ASA1 for traffic 192.168.1.0-10 to 192.168.100.0/24. The exempt NAT rule have a higher priority than static NAT
0
 
LVL 1

Author Comment

by:RAMU CH
ID: 39971442
In that case what would be the ACL on ASA2 because you are not natting ASA-1 end
traffic i.e 192.168.1.0 ,

As per your configuration above , ASA-2 will see 192.168.1.0 Network but ASA-2 Lans also
with 192.168.1.0

Pls advice
0
 
LVL 28

Expert Comment

by:asavener
ID: 39976044
Create a secondary address on the server, make sure that only that address shows up in your internal DNS.
0
 
LVL 1

Author Closing Comment

by:RAMU CH
ID: 39988123
Thanks
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Occasionally, we encounter connectivity issues that appear to be isolated to cable internet service.  The issues we typically encountered were reset errors within Internet Explorer when accessing web sites or continually dropped or failing VPN conne…
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question