You could do a show xlate, but at this point from what you've posted, it
should be able to get out to the Internet fine. Might want to verify what your
DNS settings are and possibly any inside ACLs.
-ryan
From: manoj prajapati [mailto:manoj4784_at_gmail.com]
Sent: Friday, October 09, 2009 1:10 AM
To: Ryan West
Cc: cisco_at_groupstudy.com; Cisco certification
Subject: Re: VPN Overlapping issue
Hi Ryan,
Yes, each customer has an individual internet connection.
As mentioned in your earlier mail, is it necessary to change the cust 2 private
IP address? Because cust2 has a different IP range.
Here is the config I have done on the PIX:
static (inside,outside) 10.2.3.0 access-list TICTAC
access-list TICTAC permit ip 10.2.2.0 255.255.255.0 10.10.10.0 255.255.255.0
crypto ACL:
access-list crypto permit ip 10.2.3.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list nonat permit ip host 10.2.2.0 255.255.255.0 10.10.10.0 255.255.255.0
nat (inside) 0 access-list nonat
show run | i global|nat|access-list
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
On the cust2 (Checkpoint) they have allowed 3 IPs: 10.2.3.1, 10.2.3.2 and
10.2.3.3
Regards,
Manoj
On Thu, Oct 8, 2009 at 7:20 PM, Ryan West
<rwest_at_zyedge.com> wrote:
Manoj,
Do each of the customers have their connection to the internet or is cust1
getting Internet via cust2? If cust1 has a connection to the internet, then
you're probably just missing a NAT statement for traffic that doesn't fall
within the NAT access-list profile. You'll also have to define a global for
it as well. If you do have an Internet connection at cust1, please post the
following sanitized output:
show ip
show run | i global|nat|access-list
If it does not have a direct Internet connection, please explain the topology
in greater detail.
-ryan
From: manoj prajapati
[mailto:manoj4784_at_gmail.com]
Sent: Thursday, October 08, 2009 3:03 AM
To: Ryan West
Cc: cisco_at_groupstudy.com; Cisco certification
Subject: Re: VPN Overlapping issue
Hi Ryan,
Very good explanation. I have done the same as you said.
Now I am able to ping the customer end (CUST2) server, but I am unable to browse
the internet from Cust1. Is there anything to do with it? I applied and removed the
nonat statement. Nothing is happening.
> > the private IP addresses are:
> > Cust1 ---- 10.2.2.0 (PIX)
> > Cust2 ---- 10.10.10.0 (Checkpoint Nokia)
> > Cust3 ---- 10.2.2.0 (ASA)
> >
> > connectivity is Cust1 ---- Cust2 ---- Cust3
> > | | |
> > 10.2.2.0 10.10.10.0 10.2.2.0
Received on Fri Oct 09 2009 - 09:43:46 ART