VPN IPSEC Subnet Overlapping
tak1987 Newbie ✭
Hi, how are you?
I need to establish a site-2-site VPN IPSEC with a vendor that has the same subnet range, 10.0.0.0/22. I cannot change nothing in vendor firewall.
I cannot find a way to manage this.
How can I manage this with NAT?
Vendor firewall: Cisco ASA
Category: Mid Range Firewalls
Hey! You will be signed out in 60 seconds due to inactivity. Click here to continue using the site.
Hi @tak1987, here is a guide from Sonicwall to SonicWall,
you will have to get the remote side Cisco to do the same on their side also
Hi, @preston, I cannot change nothing on Cisco side. I need something like this: https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/phase-2-nat.html
Hi @tak1987 , in that case can't you just change your side to be something like 10.0.4.0/22 then it won't clash ?
Hi @preston, no, this network has a lot of devices. I need to find out an alternative with NAT.
@tak1987 the link provided by @preston should point you in the right direction, because of the overlapping networks both parties have to do NAT. You need to define a Translation Subnet per Side, e.g. 10.0.4.0/22 and 10.0.8.0/22 (or any other range which is not in conflict) and do the NAT for the respective LAN therefor.
IMHO there is no other way around, it's the worst case of conflicting subnets 😀.
I can't tell you any steps necessary on the Cisco side of things, but a Google Search or Cisco Tech might be helpful.