Solved

Site-Site VPN between Overlapping Networks

Posted on 2014-04-01
4
355 Views
Last Modified: 2014-04-09
Hi,

Pls go through the scenario :


                 Home
                      |
ASA 1 ---- Interent ------ASA2
  |                                            |
192.168.1.0/24                192.168.1.0/24
   |
192.168.1.10/24

from the scenario :

U might have understood that we need a Site-Site VPN tunnel between Same Networks.
i.e 192.168.1.0/24 to 192.168.1.10 server but the server is public NATTed as well with
115.11.226.X.


I have gone through few cisco doc's and found the configuration for POLICY-NAT.

When i di Policy -NAT as the server is Static-Natted , it has taken precedence.

What is the solution on such conditions?

Regards
ramk
0
Comment
Question by:RAMU CH
  • 2
4 Comments
 
LVL 6

Accepted Solution

by:
gcl_hk earned 500 total points
ID: 39971073
you should NAT the source on ASA2 for site to site vpn traffic (let's say NAT to 192.168.100.0/24) and create an exempt NAT on ASA1 for traffic 192.168.1.0-10 to 192.168.100.0/24. The exempt NAT rule have a higher priority than static NAT
0
 
LVL 1

Author Comment

by:RAMU CH
ID: 39971442
In that case what would be the ACL on ASA2 because you are not natting ASA-1 end
traffic i.e 192.168.1.0 ,

As per your configuration above , ASA-2 will see 192.168.1.0 Network but ASA-2 Lans also
with 192.168.1.0

Pls advice
0
 
LVL 28

Expert Comment

by:asavener
ID: 39976044
Create a secondary address on the server, make sure that only that address shows up in your internal DNS.
0
 
LVL 1

Author Closing Comment

by:RAMU CH
ID: 39988123
Thanks
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
In a recent question (https://www.experts-exchange.com/questions/28997919/Pagination-in-Adobe-Acrobat.html) here at Experts Exchange, a member asked how to add page numbers to a PDF file using Adobe Acrobat XI Pro. This short video Micro Tutorial sh…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question