greentriangle

Cisco ASA site to site VPN with public IP address configured as local subnet

Hi. Got a Cisco ASA 5505 that we need to set up with a VPN to another site (SITE2). The issue is that SITE2 already has a VPN to another site that has the same subnet as ours. We have been advised that SITE2 will allow our external IP address through the VPN tunnel instead of our local subnet. We need to NAT our local client PCs (172.16.1.x) to our external IP address.

What commands will we need to do this? Running v9.2

Thanks,
bbao

You may use the command below, or something like it, to map an internal IP to its corresponding external IP, for example to map 172.16.1.12 to 209.165.201.12.

static (inside,outside) 209.165.201.12 172.16.1.12 netmask 255.255.255.255

But for it does make sense if you do this way. As for any site-to-site VPN, you do need a set of internal IPs behind a public IP (the VPN gateway). Unless you have an additional public IP as the VPN gateway (not in the subnet of the mapped public IPs above), it won't work like a site-to-site VPN.

Does it help?
This is very common, I get this all the time, so much that I wrote it up :)

Cisco ASA: VPNs With Overlapping Subnets

Pete
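
The requirement in the question (present 172.16.1.x to SITE2 as the external IP, on ASA 9.2) can be written as policy PAT plus a crypto ACL that matches the translated address. This is an added example, not part of either answer above or of the linked article; the SITE2 subnet, the external IP, the object, ACL and crypto map names, the sequence number and the interface names are placeholders or assumptions.

```cisco
! Added example. Addresses other than 172.16.1.0/24 are documentation
! placeholders; object, ACL and crypto map names are hypothetical.
!
! Local LAN from the question
object network OBJ-LOCAL-LAN
 subnet 172.16.1.0 255.255.255.0
!
! SITE2's protected network (placeholder: use the range SITE2 provides)
object network OBJ-SITE2-LAN
 subnet 192.0.2.0 255.255.255.0
!
! Policy PAT: hide the local LAN behind the outside interface address,
! but only when the destination is SITE2. All other traffic keeps using
! the existing NAT rules. Line 1 places the rule ahead of any general
! inside-to-outside rule that would otherwise match first.
nat (inside,outside) 1 source dynamic OBJ-LOCAL-LAN interface destination static OBJ-SITE2-LAN OBJ-SITE2-LAN
!
! NAT is applied before the crypto map is evaluated, so the
! interesting-traffic ACL must match the translated source (the external
! IP), not 172.16.1.0/24. 203.0.113.10 stands in for the outside
! interface address.
access-list VPN-TO-SITE2 extended permit ip host 203.0.113.10 object OBJ-SITE2-LAN
!
! Bind the ACL to the tunnel entry (peer, IKE and transform-set settings
! are configured as for any other site-to-site tunnel and are not shown).
crypto map OUTSIDE_MAP 10 match address VPN-TO-SITE2
!
! Checks after applying:
!   show nat detail
!   packet-tracer input inside tcp 172.16.1.12 1025 192.0.2.10 443 detailed
!   show crypto ipsec sa
! The packet-tracer output should show the translation to the outside
! address followed by a VPN encrypt phase; the IPsec SA should list the
! external IP as the local identity.
```

Because this is dynamic PAT, only sessions initiated from the 172.16.1.x side will work; SITE2 cannot open connections to individual local hosts. SITE2's crypto ACL has to mirror this one, with the external IP as the remote network.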