Header
Home | Set as homepage | Add to favorites
  Search the Site     » Advanced Search
Sections
Syndication


Blogroll:

||||| ALL Cisco-Network ARTICLES |||||  
CCIE Journey,
The CCIE Journey,

Home : CCSP-Cisco Certified Security Professional : LAN-to-LAN VPN with Overlapping Network Addresses

LAN-to-LAN VPN with Overlapping Network Addresses

Dec 31,2009 by alperen

small font medium font large font
image

One of the problems that can be encountered when two firms merge, business partnerships form, or a business extends its network to a vendor is the possibility of overlapping (duplicated) private IP addresses. This section looks at how to configure a VPN Concentrator in a LAN-to-LAN IPSec VPN with overlapping network addresses. The VPN 3000 Concentrator version 3.6 software introduced the enhanced NAT feature that can translate the overlapping networks on each side of the IPSec VPN tunnel.

Figure 16-15 shows the example scenario. The addresses within the clouds are the local addresses, while the addresses below the clouds represent the new translated addresses. Because Dynamic and PAT implementations are only usable for outgoing connections, the translations will have to be static to allow each network’s host to send traffic into the other network.

Click To expand
Figure 16-15: Overlapping network address scenario

Use the following steps to configure the VPN 3000 Concentrator for the Main Office:

  1. Use the Configuration | System | Tunneling Protocols | IPSec | LAN-to-LAN | Add screen to configure the LAN-to-LAN session parameters for a LAN-to-LAN VPN. Figure 16-16 show the Local and Remote Network fields. In the Local Network section, enter 192.168.240.0 in the IP Address field and enter 0.0.0.255 in Wildcard Mask field. In the Remote Network section, enter 192.168.250.0 in the IP Address field and enter 0.0.0.255 in Wildcard Mask field. Click on Apply when finished. The Vendor Concentrator would be a mirror image of these entries.

  2. Use the Configuration | Policy Management | Traffic Management | NAT | LAN-to-LAN Rules | Modify screen, as shown in Figure 16-17, to define the static NAT translations for the Main Office LAN. Check the Static option button in the NAT Type section.Make the following entries in the bottom of the Window, and then click Apply.

    Click To expand
    Figure 16-16: Configuring the local and remote networks

    Click To expand
    Figure 16-17: Defining the translations

     

    Source Network

    Translated Network

    Remote Network

    IP Address row

    192.168.0.0

    192.168.240.0

    192.168.250.0

    Wildcard Mask

    0.0.0.255

    0.0.0.255

    0.0.0.255

  3. The Vendor Concentrator entries would look like this:

     

    Source Network

    Translated Network

    Remote Network

    IP Address row

    192.168.0.0

    192.168.250.0

    192.168.240.0

    Wildcard Mask

    0.0.0.255

    0.0.0.255

    0.0.0.255

  4. Use the Configuration | Policy Management | Traffic Management | NAT | Enable screen, as shown in Figure 16-18, to enable the NAT. Check the LAN-to-LAN Tunnel NAT Rule Enabled check box.Click Apply. The Vendor Concentrator entry would be the same.


1962 times read

Related news
» Adding a Tunnel
by alperen posted on Dec 31,2009
» Configure Network Lists
by alperen posted on Dec 31,2009
» Split Tunneling Policy
by alperen posted on Nov 14,2009
» Setting the Public Interface
by alperen posted on Nov 14,2009
» Initial Configuration
by alperen posted on Nov 14,2009
Did you enjoy this article?
1 2 3 4 5
(total 0 votes)

comment Comments (0 posted) 

More Top News
CCSP-Cisco Certified Security Professional
arrow Cisco SAFE Implementation
arrow Preparation Documents
arrow Exam Topics
arrow Skills Required for the Exam
arrow Cisco SAFE Implementation Questions and Answers
arrow Access Control Lists Cisco
arrow Access List Basics
arrow Standard Access Lists
arrow Verifying ACLs
arrow Extended Access Lists
arrow TCP Access Lists
arrow UDP Access Lists
arrow ICMP Access Lists
arrow Named Access Lists
arrow Signature and Alarm Management Review
arrow Signature and Alarm Management Review Questions and Answers
arrow Event Viewer
arrow Managing Alarms
arrow Event Viewer Customization
arrow Preference Settings
arrow Sensor Installation
arrow Connecting to Your Network Sensor Appliance
arrow Sensor Bootstrap
arrow Sensor Installation and Configuration Review
arrow Sensor Installation and Configuration Questions and Answers
arrow Signature and Alarm Management
arrow CIDS Signatures
arrow Signature Series
arrow Signature Implementations
arrow Signature Classes
arrow Signature Types
arrow Signature Severity
Most Popular
Most Commented
Featured Author

alperen

image
<| Cisco Articles | Maximum Learning | All Cisco-Network Study Notes | Privacy Policy |>
If you think you own the material being used without permission, contact alperenmad[at]hotmail.com. material will be removed from the site.