SiteA to SiteB IPsec VPN and SiteA to SiteC, but SiteB and SiteC havethe same IP Range

Discussion in 'Cisco' started by googlegroups@ruetsche.com, Nov 17, 2007.

  1. Guest

    Hi Group

    I try to build a 2nd IPSec Tunnel from SiteA to SiteC, but SiteC have
    the same IP Address Range like SiteB:

    SiteA: 192.168.2.0/24 / PIX OS 8.0(2)
    SiteB: 192.168.33.0/24 / PIX OS 6.3(5)
    SiteC: 192.168.33.0/24 / PIX OS 6.3(5)

    The tunnel from A to B is up and runs fine.

    I want to translate to Adresses for the SiteC on the PIX on SiteA
    (192.168.233.0 [SiteA] > 192.168.33.0 [for SiteC]) and i saw this
    example:

    http://www.cisco.com/en/US/partner/...s_configuration_example09186a00808c9950.shtml

    I play arround with this example, but i don't want to translate on the
    PixA (SiteA) the 192.168.1.0 to 172.18.1.0, i want to translate on the
    PixA the Address 10.1.0.0 to 172.18.1.0 for example. Sometimes i loos
    the connection to SiteB, but i never bring up the tunnel to SiteC.

    Is there anyone who can give me a tip how i need to build the access-
    list and static statement?

    Thank you lot.

    ivo
     
    , Nov 17, 2007
    #1
    1. Advertising

  2. Brian V Guest

    Re: SiteA to SiteB IPsec VPN and SiteA to SiteC, but SiteB and SiteC have the same IP Range

    <> wrote in message
    news:...
    >
    > Hi Group
    >
    > I try to build a 2nd IPSec Tunnel from SiteA to SiteC, but SiteC have
    > the same IP Address Range like SiteB:
    >
    > SiteA: 192.168.2.0/24 / PIX OS 8.0(2)
    > SiteB: 192.168.33.0/24 / PIX OS 6.3(5)
    > SiteC: 192.168.33.0/24 / PIX OS 6.3(5)
    >
    > The tunnel from A to B is up and runs fine.
    >
    > I want to translate to Adresses for the SiteC on the PIX on SiteA
    > (192.168.233.0 [SiteA] > 192.168.33.0 [for SiteC]) and i saw this
    > example:
    >
    > http://www.cisco.com/en/US/partner/...s_configuration_example09186a00808c9950.shtml
    >
    > I play arround with this example, but i don't want to translate on the
    > PixA (SiteA) the 192.168.1.0 to 172.18.1.0, i want to translate on the
    > PixA the Address 10.1.0.0 to 172.18.1.0 for example. Sometimes i loos
    > the connection to SiteB, but i never bring up the tunnel to SiteC.
    >
    > Is there anyone who can give me a tip how i need to build the access-
    > list and static statement?
    >
    > Thank you lot.
    >
    > ivo
    >


    You need to do the NAT on site C's Pix not site A's.
     
    Brian V, Nov 17, 2007
    #2
    1. Advertising

  3. Guest

    Re: SiteA to SiteB IPsec VPN and SiteA to SiteC, but SiteB and SiteChave the same IP Range

    Thank you Brian

    When i define the NAT on SiteC, it works. Is there no chance to do
    that on SiteA?




    On 17 Nov., 12:53, "Brian V" <> wrote:
    > <> wrote in message
    >
    > news:...
    >
    >
    >
    >
    >
    > > Hi Group

    >
    > > I try to build a 2ndIPSecTunnel fromSiteAtoSiteC, butSiteChave
    > > the same IP Address Range likeSiteB:

    >
    > >SiteA: 192.168.2.0/24 / PIX OS 8.0(2)
    > >SiteB: 192.168.33.0/24 / PIX OS 6.3(5)
    > >SiteC: 192.168.33.0/24 / PIX OS 6.3(5)

    >
    > > The tunnel from A to B is up and runs fine.

    >
    > > I want to translate to Adresses for theSiteCon the PIX onSiteA
    > > (192.168.233.0 [SiteA] > 192.168.33.0 [forSiteC]) and i saw this
    > > example:

    >
    > >http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/product...

    >
    > > I play arround with this example, but i don't want to translate on the
    > > PixA (SiteA) the 192.168.1.0 to 172.18.1.0, i want to translate on the
    > > PixA the Address 10.1.0.0 to 172.18.1.0 for example. Sometimes i loos
    > > the connection toSiteB, but i never bring up the tunnel toSiteC.

    >
    > > Is there anyone who can give me a tip how i need to build the access-
    > > list and static statement?

    >
    > > Thank you lot.

    >
    > > ivo

    >
    > You need to do the NAT on site C's Pix not site A's.
     
    , Nov 18, 2007
    #3
  4. Brian V Guest

    Re: SiteA to SiteB IPsec VPN and SiteA to SiteC, but SiteB and SiteC have the same IP Range

    <> wrote in message
    news:...
    >
    > Thank you Brian
    >
    > When i define the NAT on SiteC, it works. Is there no chance to do
    > that on SiteA?
    >
    >
    >
    >
    > On 17 Nov., 12:53, "Brian V" <> wrote:
    >> <> wrote in message
    >>
    >> news:...
    >>
    >>
    >>
    >>
    >>
    >> > Hi Group

    >>
    >> > I try to build a 2ndIPSecTunnel fromSiteAtoSiteC, butSiteChave
    >> > the same IP Address Range likeSiteB:

    >>
    >> >SiteA: 192.168.2.0/24 / PIX OS 8.0(2)
    >> >SiteB: 192.168.33.0/24 / PIX OS 6.3(5)
    >> >SiteC: 192.168.33.0/24 / PIX OS 6.3(5)

    >>
    >> > The tunnel from A to B is up and runs fine.

    >>
    >> > I want to translate to Adresses for theSiteCon the PIX onSiteA
    >> > (192.168.233.0 [SiteA] > 192.168.33.0 [forSiteC]) and i saw this
    >> > example:

    >>
    >> >http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/product...

    >>
    >> > I play arround with this example, but i don't want to translate on the
    >> > PixA (SiteA) the 192.168.1.0 to 172.18.1.0, i want to translate on the
    >> > PixA the Address 10.1.0.0 to 172.18.1.0 for example. Sometimes i loos
    >> > the connection toSiteB, but i never bring up the tunnel toSiteC.

    >>
    >> > Is there anyone who can give me a tip how i need to build the access-
    >> > list and static statement?

    >>
    >> > Thank you lot.

    >>
    >> > ivo

    >>
    >> You need to do the NAT on site C's Pix not site A's.

    >


    Not without getting very ugly in the config. I.E. addding an additional
    outside interface to Pix A, moving NAT to the internet router, subnet
    specific routing, etc.... The problem is that Site A has no way to
    differentiate what site gets NAT'd, you have a single "nat (inside,outside)"
    which covers both destination subnets.
     
    Brian V, Nov 18, 2007
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Joris Deschacht
    Replies:
    0
    Views:
    4,076
    Joris Deschacht
    Oct 16, 2003
  2. mw
    Replies:
    2
    Views:
    3,345
  3. Robert Feinman

    Scene range vs dynamic range

    Robert Feinman, Jun 30, 2005, in forum: Digital Photography
    Replies:
    2
    Views:
    711
    Marvin
    Jul 4, 2005
  4. milosh
    Replies:
    0
    Views:
    821
    milosh
    May 22, 2007
  5. pasatealinux
    Replies:
    1
    Views:
    2,123
    pasatealinux
    Dec 17, 2007
Loading...

Share This Page