Re: vpn lan2lan having same subnet at both ends

From: Chad Hintz (ccie_2b2004@yahoo.com)
Date: Thu May 19 2005 - 14:32:48 GMT-3

• Next message: marvin greenlee: "RE: vpn lan2lan having same subnet at both ends"
• Previous message: fferrer10@vodafone.es: "vpn lan2lan having same subnet at both ends"
• Maybe in reply to: fferrer10@vodafone.es: "vpn lan2lan having same subnet at both ends"
• Next in thread: marvin greenlee: "RE: vpn lan2lan having same subnet at both ends"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

If this is on the pix allow the inside subnets to be natted to your outside address on each side.
Then for the acl applied to the crypto map you will have permit ip host (remote side 1 outside ip) host (remote 2 outside ip). Basically you just do not create a nat 0 acl, and allow the inside subnets to be natted to the PAT address, and build the tunnel that way. Is this on a pix?
 
HTH,
 
Chad

fferrer10@vodafone.es wrote:
Hi Group:

Is there any way to configure a lan to lan ipsec tunnel through
internet, if you like to connect two remote sites that have the same
subnet ip address on the inside?

I know it is better to have different subnets at both ends to avoid
problems, but i think that if you are doing "double natting" (nat at
the inside and at the outside) on one of the ends, maybe you can
configure this vpn... Has anyone tried it and can provide some help?

TIA

• Next message: marvin greenlee: "RE: vpn lan2lan having same subnet at both ends"
• Previous message: fferrer10@vodafone.es: "vpn lan2lan having same subnet at both ends"
• Maybe in reply to: fferrer10@vodafone.es: "vpn lan2lan having same subnet at both ends"
• Next in thread: marvin greenlee: "RE: vpn lan2lan having same subnet at both ends"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:11:59 GMT-3