Re: VPN Overlapping issue from manoj prajapati on 2009-10-07 (Ccielab archives 10/2009)

From: manoj prajapati <manoj4784_at_gmail.com>
Date: Wed, 7 Oct 2009 13:30:37 +0530

Hi Matusiak,

You mean to say static NAT with 10.2.2.0 --- 172.16.1.1(different
subnet) ??
where we need to do ?? on cust1,cust2 or cust3 ?

after applying the static nat (inside, outside). so wat will be the ACL
entry ??
can you please describe in brief.

Regards,
Manoj

On Wed, Oct 7, 2009 at 1:25 PM, Piotr Matusiak <piotr_at_ccie1.com> wrote:

> Hi,
>
> Is there any NAT along in the path?
> I think you should perform static NAT on PIX or ASA for all hosts in
> 10.2.2.0 network. Then CheckPoint will see different IP addresses from
> one direction and there will be no conflict anymore.
>
> --
> Piotr Matusiak
> CCIE #19860 (R&S, SEC)
>
>
> 2009/10/7 manoj prajapati <manoj4784_at_gmail.com>:
> > Dear Techie,
> >
> > Having a doubts in Site to site VPN,
> >
> > I have 3 customer, cust1--- cust2 ---- cust3,
> >
> > the private ip address is ,
> > Cust1 ---- 10.2.2.0 (PIX)
> > Cust2 ---- 10.10.10.0 (Checkpoing Nokia)
> > Cust3 ---- 10.2.2.0 (ASA)
> >
> > connectivity is Cust1 ---- Cust2 ---- Cust3
> > | | |
> > 10.2.2.0 10.10.10.0 10.2.2.0
> >
> > I want to achive a site to site VPN tunnel between Cust1 -- Cust2 & also
> > Cust2 -- Cust3 . But, here the cust1 and cust3 having a same private ip
> > address range. So, when establishing a VPN tunnel in Cust2 with cust2 to
> > cust1 & cust2 to cust 3, there will be a confict between the 10.2.2.0
> > series range.
> >
> > I know that there is an overlapping network. have seen the cisco site as
> > well
> >
> >
> http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949f1.shtml
> >
> > But this is somewhat different scenario as i understand.
> >
> > Can anyone help me to resolve the issue.
> > Thanx
> >
> > Regards,
> > Manoj
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed Oct 07 2009 - 13:30:37 ART

This archive was generated by hypermail 2.2.0 : Sun Nov 01 2009 - 07:50:59 ART