0

I have a number of Cisco site-to-site VPNs using ASA and PIX devices established for my clients. This is a hosted application and I need the entire address range on the client's network to be able to hit my site. I've encountered a situation where I have overlapping VPN subnets. Several of my clients share the same internal address space (e.g. 192.168.1.x), so I've only been able to establish a VPN to one of them. What are some workarounds for this issue? Should I look at outside NATing or some way to translate the client IPs? Any other suggestions?

ewwhite
  • Any other suggestions? I can't seem to find a good example of this working. – ewwhite Mar 08 '10 at 00:58
  • Possible solution: http://serverfault.com/questions/548888/connecting-to-a-remote-server-through-openvpn-when-local-network-subnet-conflict/557030#557030 – ErikE Nov 23 '13 at 22:43

1 Answer

3

NAT would be the traditional solution when the customers have overlapping IPs. Pick an unused subnet on one side and NAT it to an unused subnet on the other side. This may cause problems with some protocols.

Some information on ASA NAT here, but there are plenty of guides on the Internet. http://www.tech21century.com/access-lists-and-nat-on-cisco-asa-firewalls-some-clarifications/

Mark

mfarver
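The subnet-per-client mapping described in the answer above, as an added planning example that is not part of the original posts and does not generate ASA configuration. The client names, the translation pool `10.200.0.0/16` and the reserved hosting subnet are constructed assumptions.

```python
import ipaddress

# Constructed sample data: three clients that all use the same internal LAN.
CLIENTS = {
    "client_a": "192.168.1.0/24",
    "client_b": "192.168.1.0/24",
    "client_c": "192.168.1.0/24",
}
POOL = "10.200.0.0/16"          # assumed unused range to carve translated subnets from
RESERVED = ["10.200.0.0/24"]    # assumed subnet of the hosted application itself

def plan_nat(clients, pool, reserved):
    """Give every client LAN its own translated subnet of the same size."""
    pool = ipaddress.ip_network(pool)
    taken = [ipaddress.ip_network(r) for r in reserved]
    real_lans = [ipaddress.ip_network(c) for c in clients.values()]
    plan = {}
    for name, cidr in clients.items():
        real = ipaddress.ip_network(cidr)
        for cand in pool.subnets(new_prefix=real.prefixlen):
            # Conservative: skip anything that collides with reserved space,
            # an earlier assignment, or any client's real LAN.
            if not any(cand.overlaps(n) for n in taken + real_lans):
                plan[name] = (real, cand)
                taken.append(cand)
                break
        else:
            raise ValueError(f"pool {pool} exhausted before {name}")
    return plan

def translate(plan, name, real_ip):
    """Map a client's real host address to its translated address (1:1, host bits kept)."""
    real, mapped = plan[name]
    ip = ipaddress.ip_address(real_ip)
    if ip not in real:
        raise ValueError(f"{real_ip} is not inside {real} for {name}")
    offset = int(ip) - int(real.network_address)
    return str(mapped.network_address + offset)

if __name__ == "__main__":
    plan = plan_nat(CLIENTS, POOL, RESERVED)
    for name, (real, mapped) in plan.items():
        print(f"{name}: {real} -> {mapped}")
    print(translate(plan, "client_b", "192.168.1.57"))
```

Each translated subnet is what the VPN's interesting-traffic definition and the hosted side's routing would reference instead of the client's real `192.168.1.x` range.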