Hi Piotr,
Nopes, its not working... :-(
can somebody help me out .
Regards,
Manoj
On Wed, Oct 7, 2009 at 2:02 PM, Piotr Matusiak <piotr_at_ccie1.com> wrote:
> Hi,
>
> For example on ASA:
> static (inside,outside) 172.16.1.0 10.2.2.0 netmask 255.255.255.0
>
> ACL for crypto should use translated Ip addresses IMO.
>
> This is just a thought, I do not have PIX/ASA in front of me right now
> so I can't check this.
>
> btw: my name is Piotr :)
>
> 2009/10/7 manoj prajapati <manoj4784_at_gmail.com>:
> > Hi Matusiak,
> >
> > You mean to say static NAT with 10.2.2.0 --- 172.16.1.1(different
> > subnet) ??
> > where we need to do ?? on cust1,cust2 or cust3 ?
> >
> > after applying the static nat (inside, outside). so wat will be the ACL
> > entry ??
> > can you please describe in brief.
> >
> > Regards,
> > Manoj
> >
> > On Wed, Oct 7, 2009 at 1:25 PM, Piotr Matusiak <piotr_at_ccie1.com> wrote:
> >
> >> Hi,
> >>
> >> Is there any NAT along in the path?
> >> I think you should perform static NAT on PIX or ASA for all hosts in
> >> 10.2.2.0 network. Then CheckPoint will see different IP addresses from
> >> one direction and there will be no conflict anymore.
> >>
> >> --
> >> Piotr Matusiak
> >> CCIE #19860 (R&S, SEC)
> >>
> >>
> >> 2009/10/7 manoj prajapati <manoj4784_at_gmail.com>:
> >> > Dear Techie,
> >> >
> >> > Having a doubts in Site to site VPN,
> >> >
> >> > I have 3 customer, cust1--- cust2 ---- cust3,
> >> >
> >> > the private ip address is ,
> >> > Cust1 ---- 10.2.2.0 (PIX)
> >> > Cust2 ---- 10.10.10.0 (Checkpoing Nokia)
> >> > Cust3 ---- 10.2.2.0 (ASA)
> >> >
> >> > connectivity is Cust1 ---- Cust2 ---- Cust3
> >> > | | |
> >> > 10.2.2.0 10.10.10.0 10.2.2.0
> >> >
> >> > I want to achive a site to site VPN tunnel between Cust1 -- Cust2 &
> also
> >> > Cust2 -- Cust3 . But, here the cust1 and cust3 having a same private
> ip
> >> > address range. So, when establishing a VPN tunnel in Cust2 with cust2
> to
> >> > cust1 & cust2 to cust 3, there will be a confict between the 10.2.2.0
> >> > series range.
> >> >
> >> > I know that there is an overlapping network. have seen the cisco site
> as
> >> > well
> >> >
> >> >
> >>
> http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949f1.shtml
> >> >
> >> > But this is somewhat different scenario as i understand.
> >> >
> >> > Can anyone help me to resolve the issue.
> >> > Thanx
> >> >
> >> > Regards,
> >> > Manoj
> >> >
> >> >
> >> > Blogs and organic groups at http://www.ccie.net
> >> >
> >> >
> _______________________________________________________________________
> >> > Subscription information may be found at:
> >> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
> >
>
>
>
> --
> Piotr Matusiak
> CCIE #19860 (R&S, SEC)
Blogs and organic groups at http://www.ccie.net
Received on Wed Oct 07 2009 - 17:11:00 ART
This archive was generated by hypermail 2.2.0 : Sun Nov 01 2009 - 07:50:59 ART