This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

site-to-site & NAT problem

Hello All

I have the problem, that I have to create a site to site VPN from our Network 192.168.11.x to a single host at 10.1.y.z. Due the fact, that our customer already has a site to site VPN to another customer with the same subnet 192.168.11.x as I have, and I only need unidirectional connection from our subnet 192.168.11.x to their remote host 10.1.y.z I would like to use NAT with the IPSEC VPN. But whatever I try, I don't get any packet to the remote host Is there somewhere an explanation availale, how ASL processes packets from internal Network to IPSEC VPN connections...something like:

LAN Network ==> LAN Interface ==> Packet filter ==> NAT ==> IPSEC Tunnel

Or better, has somebody already created such a site to site VPN using NAT ?

Our FW is ASL 5.204.
My other "normal" IPSEC Connections and my "standard" rules for the whole setup works perfectly. The Tunnel to the mentioned customer is also working fine...

Sascha

This thread was automatically locked due to age.

0 VelvetFog over 20 years ago

[ QUOTE ]
Due the fact, that our customer already has a site to site VPN to another customer with the same subnet 192.168.11.x as I have

[/ QUOTE ]Your customer is likely to have problems routing packets to two different remote locations if they both have 192.168.11.x networks at the end of the VPN tunnel. In the routing table in the customer's PC, there can only be a single routing entry for a 192.168.11.x network. I would suggest renumbering one of the two 192.168.11.x networks to something else.
Cancel
Vote Up 0 Vote Down

Cancel