Re: VPN Overlapping issue

From: Ryan West <rwest_at_zyedge.com>
Date: Wed, 7 Oct 2009 07:59:02 -0400

Do static translations with ACLs to two different ranges on both
sides. Like you said you found the website. How does it not apply to
you?

Sent from handheld.

On Oct 7, 2009, at 7:43 AM, "manoj prajapati" <manoj4784_at_gmail.com>
wrote:

> Hi Piotr,
>
> Nopes, it's not working... :-(
> Can somebody help me out?
>
>
> Regards,
> Manoj
>
> On Wed, Oct 7, 2009 at 2:02 PM, Piotr Matusiak <piotr_at_ccie1.com>
> wrote:
>
>> Hi,
>>
>> For example on ASA:
>> static (inside,outside) 172.16.1.0 10.2.2.0 netmask 255.255.255.0
>>
>> ACL for crypto should use translated IP addresses IMO.
>>
>> This is just a thought, I do not have PIX/ASA in front of me right now
>> so I can't check this.
>>
>> btw: my name is Piotr :)
>>
>> 2009/10/7 manoj prajapati <manoj4784_at_gmail.com>:
>>> Hi Matusiak,
>>>
>>> You mean to say static NAT with 10.2.2.0 --- 172.16.1.1 (different subnet)??
>>> Where do we need to do it? On cust1, cust2 or cust3?
>>>
>>> After applying the static NAT (inside, outside), what will be the ACL entry??
>>> Can you please describe in brief.
>>>
>>> Regards,
>>> Manoj
>>>
>>> On Wed, Oct 7, 2009 at 1:25 PM, Piotr Matusiak <piotr_at_ccie1.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> Is there any NAT along in the path?
>>>> I think you should perform static NAT on PIX or ASA for all hosts in
>>>> 10.2.2.0 network. Then CheckPoint will see different IP addresses from
>>>> one direction and there will be no conflict anymore.
>>>>
>>>> --
>>>> Piotr Matusiak
>>>> CCIE #19860 (R&S, SEC)
>>>>
>>>>
>>>> 2009/10/7 manoj prajapati <manoj4784_at_gmail.com>:
>>>>> Dear Techie,
>>>>>
>>>>> Having a doubt in site-to-site VPN.
>>>>>
>>>>> I have 3 customers, cust1 --- cust2 ---- cust3,
>>>>>
>>>>> the private IP addresses are:
>>>>> Cust1 ---- 10.2.2.0 (PIX)
>>>>> Cust2 ---- 10.10.10.0 (Checkpoint Nokia)
>>>>> Cust3 ---- 10.2.2.0 (ASA)
>>>>>
>>>>> connectivity is Cust1 ---- Cust2 ---- Cust3
>>>>>                   |          |          |
>>>>>               10.2.2.0  10.10.10.0  10.2.2.0
>>>>>
>>>>> I want to achieve a site-to-site VPN tunnel between Cust1 -- Cust2 &
>>>>> also Cust2 -- Cust3. But here cust1 and cust3 have the same private
>>>>> IP address range. So, when establishing a VPN tunnel in Cust2 with
>>>>> cust2 to cust1 & cust2 to cust3, there will be a conflict between the
>>>>> 10.2.2.0 series range.
>>>>>
>>>>> I know that there is an overlapping network. I have seen the Cisco
>>>>> site as well:
>>>>>
>>>>> http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949f1.shtml
>>>>>
>>>>> But this is somewhat different scenario as i understand.
>>>>>
>>>>> Can anyone help me to resolve the issue.
>>>>> Thanx
>>>>>
>>>>> Regards,
>>>>> Manoj
>>>>>
>>>>>
>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>
>>>>> _______________________________________________________________________
>>>>> Subscription information may be found at:
>>>>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>> --
>> Piotr Matusiak
>> CCIE #19860 (R&S, SEC)

Received on Wed Oct 07 2009 - 07:59:02 ART
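
The translation suggested in this thread, written out for the Cust3 ASA as an added example that is not part of the original messages. It assumes pre-8.3 ASA NAT syntax, takes the 172.16.1.0/24 mapped range and the inside/outside interface names from Piotr's message, and uses hypothetical ACL and crypto map names; peer addresses and the rest of the crypto map are left out.

```cisco
! Added example. ACL and crypto map names are hypothetical; pre-8.3 ASA syntax.
! Assumption: 172.16.1.0/24 is not in use at Cust2 or anywhere it routes to.
! Cust3 ASA: real inside network is 10.2.2.0/24, the same range as Cust1.

! Before: crypto ACL built on the real addresses. Cust2 would then have
! 10.2.2.0/24 as the remote network on both tunnels (Cust1 and Cust3).
! access-list CRYPTO-CUST2 extended permit ip 10.2.2.0 255.255.255.0 10.10.10.0 255.255.255.0

! After: policy static NAT, applied only to traffic headed for Cust2.
! Host bits are preserved, so 10.2.2.25 is presented as 172.16.1.25 and
! Cust2 can also initiate connections to 172.16.1.25.
access-list NAT-TO-CUST2 extended permit ip 10.2.2.0 255.255.255.0 10.10.10.0 255.255.255.0
static (inside,outside) 172.16.1.0 access-list NAT-TO-CUST2

! Outbound traffic is translated before the crypto map is evaluated, so the
! crypto ACL must match the translated source, not 10.2.2.0/24.
access-list CRYPTO-CUST2 extended permit ip 172.16.1.0 255.255.255.0 10.10.10.0 255.255.255.0
crypto map OUTSIDE-MAP 10 match address CRYPTO-CUST2

! Cust2 (Check Point) side, described here rather than configured:
!   remote network for the Cust1 tunnel: 10.2.2.0/24   (unchanged)
!   remote network for the Cust3 tunnel: 172.16.1.0/24 (translated)
! Hosts at Cust2 reach Cust3 machines by their 172.16.1.x addresses.
```

Once the tunnel is up, `show crypto ipsec sa` on the ASA should list 172.16.1.0/255.255.255.0 as the local ident for this peer.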

This archive was generated by hypermail 2.2.0 : Sun Nov 01 2009 - 07:50:59 ART