Site to Site VPN duplicate subnets

Discussion in 'Hardware' started by chuckbudreau, Oct 15, 2009.

  1. chuckbudreau

    chuckbudreau

    Joined:
    Jul 24, 2007
    Messages:
    7
    I hope someone has an easy answer for this....

    We're trying to set up a Site to Site VPN between our office and a hospital.
    The hospital already has a Site to Site VPN set up with another host using the same local subnet as we use. They are not able to get the other host to change their configuration. We have dozens of other Site to Site VPNs up and running... so we can't easily change ours.

    Any ideas?

    thanks!

    --chuck
    chuckbudreau, Oct 15, 2009
    #1

  2. chuckbudreau

    L8ians

    Joined:
    Jul 7, 2009
    Messages:
    8
    To establish a site-to-site VPN, the local subnet of your office and the hospital cannot be the same. The local subnet on both ends should be different.
    L8ians, Oct 17, 2009
    #2

  3. chuckbudreau

    L8ians

    Joined:
    Jul 7, 2009
    Messages:
    8
    We can also apply NAT and check if it works.
    L8ians, Oct 18, 2009
    #3
  4. chuckbudreau

    chuckbudreau

    Joined:
    Jul 24, 2007
    Messages:
    7
    If I do NAT for this connection it will break all of my other connections. That would be almost as bad as changing my local subnet. Unless there's a way to do NAT for only one connection?

    --chuck
    chuckbudreau, Oct 19, 2009
    #4
  5. chuckbudreau

    L8ians

    Joined:
    Jul 7, 2009
    Messages:
    8
    That's true....
    Can you give me the model no. of both the VPN routers, so that I can check it out for any possible configuration?
    L8ians, Oct 21, 2009
    #5
  6. chuckbudreau

    chuckbudreau

    Joined:
    Jul 24, 2007
    Messages:
    7
    I posted this on another forum and they suggested I use a Policy NAT to achieve the results I'm looking for. After reviewing the suggestion it looks good.

    Here's what they came up with...

    access-list POLICY_NAT permit ip host 192.1.1.6 10.1.1.0 255.255.255.0
    static (inside,outside) 10.1.2.6 access-list POLICY_NAT


    where 192.1.1.6 is my inside address, 10.1.1.0 is the remote LAN Network, and 10.1.2.6 is the new NAT'd address.

    I'm going to try to implement this today.

    Thanks for the suggestions.

    --chuck
    chuckbudreau, Oct 22, 2009
    #6
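
The policy NAT from post #6, modelled as an added example (not code from the thread or from Cisco): only traffic from the inside host to the hospital LAN is translated, so every other tunnel keeps seeing the real address. The 192.1.1.0/24 office subnet, the function names and the 172.16.5.9 sample peer are assumptions.

```python
import ipaddress

# Values from post #6: inside host, remote (hospital) LAN, mapped address.
INSIDE_HOST = ipaddress.ip_address("192.1.1.6")
REMOTE_LAN = ipaddress.ip_network("10.1.1.0/24")
MAPPED_ADDR = ipaddress.ip_address("10.1.2.6")
# Assumption: the duplicated office subnet is the /24 around the inside host.
DUPLICATE_LAN = ipaddress.ip_network("192.1.1.0/24")


def translate_source(src, dst):
    """Source address on the outside for an outbound packet src -> dst.

    The ACL matches only inside host -> remote LAN, and the static rewrites
    the source for exactly that traffic; anything else is left untouched.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src == INSIDE_HOST and dst in REMOTE_LAN:
        return MAPPED_ADDR
    return src


def untranslate_destination(src, dst):
    """Destination on the inside for a packet src -> dst arriving from outside."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dst == MAPPED_ADDR and src in REMOTE_LAN:
        return INSIDE_HOST
    return dst


def mapped_address_problems(mapped, remote_lan=REMOTE_LAN, duplicate_lan=DUPLICATE_LAN):
    """Reasons a candidate mapped address would not fix the overlap ([] = fine)."""
    mapped = ipaddress.ip_address(mapped)
    problems = []
    if mapped in duplicate_lan:
        problems.append("still inside the duplicated subnet")
    if mapped in remote_lan:
        problems.append("collides with the remote LAN")
    return problems


if __name__ == "__main__":
    # Constructed sample traffic: one hospital host, one host behind another tunnel.
    for dst in ("10.1.1.20", "172.16.5.9"):
        print(f"192.1.1.6 -> {dst} leaves as {translate_source('192.1.1.6', dst)}")
    print("checks on 10.1.2.6:", mapped_address_problems("10.1.2.6") or "none")
```

Because the PIX translates before it encrypts, the tunnel's traffic selector on both peers has to name the mapped address 10.1.2.6, not 192.1.1.6.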
  7. chuckbudreau

    chuckbudreau

    Joined:
    Jul 24, 2007
    Messages:
    7
    As a follow-up for anyone trying this... It works!

    The only issue is that since I have a PIX 506E, the GUI interface on the PIX does not support Policy NAT. Once you enter a Policy NAT on the PIX it disables the Configuration options in the GUI (PDM) interface. So if you are up on your CLI you're going to have fun trying to do further changes to the configuration on the PIX.

    Thanks for the input guys!

    --chuck
    chuckbudreau, Oct 22, 2009
    #7