IPsec VPN with overlapping subnets on ASA and router

Scenario-1, between Cisco routers: R1 ---- R2

NAT is configured on one router only (R1 here); R2 does no translation at all. The NAT configuration on R1 is:

ip nat inside source static network /24

ip nat outside source static network /24

The inside-source entry translates R1's own LAN to the addresses R2 will see, and the outside-source entry translates R2's LAN to the addresses R1's hosts will use, so neither side ever addresses the overlapping prefix across the tunnel.

Interesting traffic (the crypto ACL) on R1 is written with the post-NAT addresses, because IOS applies inside-to-outside NAT before it checks the crypto map:

access-list 101 permit ip

Interesting traffic on R2, where nothing is translated, is the mirror image of R1's ACL:

access-list 101 permit ip
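A complete worked version of Scenario-1, added here as an example and not taken from the post. Everything specific is an assumption: both LANs are 10.1.1.0/24, R2 sees R1's LAN as 192.168.1.0/24, R1's hosts see R2's LAN as 192.168.2.0/24, the WAN addresses are from the documentation ranges, and the interface names, pre-shared key and IKE parameters are placeholders.

```cisco
! Added worked example (not from the post). Constructed addressing:
!   R1 LAN 10.1.1.0/24 and R2 LAN 10.1.1.0/24 overlap.
!   R2 sees R1's LAN as 192.168.1.0/24; R1's hosts see R2's LAN as 192.168.2.0/24.
!   WAN: R1 203.0.113.1/30 (next hop .2), R2 198.51.100.1/30 (next hop .2).
!   Interface names, key and IKE parameters are placeholders.
!
! ======================= R1: the only router that translates =======================
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key ExamplePSK address 198.51.100.1
crypto ipsec transform-set TS esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! Crypto ACL matches the POST-NAT packet (IOS translates inside->outside before it encrypts):
!   source 192.168.1.0/24 (R1 LAN as seen by R2), destination 10.1.1.0/24 (R2's real LAN,
!   because the outside-source entry has already rewritten 192.168.2.x back to 10.1.1.x).
!   This is the mirror image of R2's ACL below, so the phase-2 proxy IDs agree.
access-list 101 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
crypto map VPN 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS
 match address 101
!
interface GigabitEthernet0/0
 description LAN (overlapping 10.1.1.0/24)
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/1
 description WAN
 ip address 203.0.113.1 255.255.255.252
 ip nat outside
 crypto map VPN
ip route 0.0.0.0 0.0.0.0 203.0.113.2
!
! Inside source: R1's real 10.1.1.0/24 (local) appears as 192.168.1.0/24 (global) to R2.
ip nat inside source static network 10.1.1.0 192.168.1.0 /24
! Outside source: R2's real 10.1.1.0/24 (outside global) appears as 192.168.2.0/24
! (outside local) to R1's hosts. add-route installs the route for 192.168.2.0/24 so
! inside->outside traffic is routed toward the WAN (and the crypto map) first;
! IOS routes before it translates in that direction.
ip nat outside source static network 10.1.1.0 192.168.2.0 /24 add-route
!
! ======================= R2: no NAT at all =======================
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key ExamplePSK address 203.0.113.1
crypto ipsec transform-set TS esp-aes 256 esp-sha256-hmac
 mode tunnel
! R2's hosts address R1's LAN as 192.168.1.x; R2's own LAN is untranslated.
access-list 101 permit ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
crypto map VPN 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set TS
 match address 101
interface GigabitEthernet0/0
 ip address 10.1.1.1 255.255.255.0
interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.252
 crypto map VPN
ip route 0.0.0.0 0.0.0.0 198.51.100.2
```

Packet walk for a host 10.1.1.5 behind R1 reaching 192.168.2.7: R1 routes it to the WAN (the add-route entry), translates it to 192.168.1.5 -> 10.1.1.7, encrypts it because it matches ACL 101, and R2 delivers it unchanged to its own 10.1.1.7. The reply 10.1.1.7 -> 192.168.1.5 matches R2's ACL, is decrypted on R1 and translated back to 192.168.2.7 -> 10.1.1.5 before it is forwarded into the LAN. Check with `show ip nat translations` (both static network entries should appear) and `show crypto ipsec sa` on each side; if phase 2 fails, compare the proxy IDs in the two ACLs, since R1's ACL must name R2's real prefix, not the 192.168.2.0/24 alias.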

Scenario-2, between Cisco ASAs: ASA-1 ---- ASA-2

On the ASA it is neater: you can do it with Manual (twice) NAT, which I like to call conditional NAT, because the local source is translated only when the destination is the remote VPN network. Each ASA translates its own LAN, so the tunnel carries only the two non-overlapping VPN prefixes. The configuration is as follows:

On ASA-1:

object network Site-1

object network Site-1-VPN

object network Site-2-VPN

nat (inside,outside) source static Site-1 Site-1-VPN destination static Site-2-VPN Site-2-VPN

On ASA-2:

object network Site-2

object network Site-2-VPN

object network Site-1-VPN

nat (inside,outside) source static Site-2 Site-2-VPN destination static Site-1-VPN Site-1-VPN

Interesting traffic on ASA-1 uses the mapped (VPN) objects, because the ASA translates before it encrypts:

access-list VPN-ACL extended permit ip object Site-1-VPN object Site-2-VPN

Interesting traffic on ASA-2 is the mirror image:

access-list VPN-ACL extended permit ip object Site-2-VPN object Site-1-VPN
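A complete worked version of Scenario-2, added here as an example and not taken from the post. Everything specific is an assumption: both sites' real LAN is 10.1.1.0/24, Site-1 is presented as 192.168.1.0/24 and Site-2 as 192.168.2.0/24, the outside addresses are from the documentation ranges, and the interface names, pre-shared key and IKEv2 parameters are placeholders.

```cisco
! Added worked example (not from the post). Constructed addressing:
!   Site-1 real LAN 10.1.1.0/24, presented over the tunnel as 192.168.1.0/24
!   Site-2 real LAN 10.1.1.0/24, presented over the tunnel as 192.168.2.0/24
!   ASA-1 outside 203.0.113.1/30 (next hop .2), ASA-2 outside 198.51.100.1/30 (next hop .2)
!   Interface names, key and IKEv2 parameters are placeholders.
!
! =============================== ASA-1 ===============================
object network Site-1
 subnet 10.1.1.0 255.255.255.0
object network Site-1-VPN
 subnet 192.168.1.0 255.255.255.0
object network Site-2-VPN
 subnet 192.168.2.0 255.255.255.0
!
! Twice NAT: translate Site-1 -> Site-1-VPN only when the destination is Site-2-VPN
! (the destination side is an identity translation). Manual NAT rules are matched in
! order in section 1, so this line must sit above any "source dynamic ... interface"
! PAT rule for the same interface pair, or the PAT rule will win.
nat (inside,outside) source static Site-1 Site-1-VPN destination static Site-2-VPN Site-2-VPN
!
! Crypto ACL matches the MAPPED addresses: the ASA translates before it encrypts.
access-list VPN-ACL extended permit ip object Site-1-VPN object Site-2-VPN
!
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 14
 prf sha256
 lifetime seconds 86400
crypto ipsec ikev2 ipsec-proposal AES256-SHA256
 protocol esp encryption aes-256
 protocol esp integrity sha-256
crypto map VPN-MAP 10 match address VPN-ACL
crypto map VPN-MAP 10 set peer 198.51.100.1
crypto map VPN-MAP 10 set ikev2 ipsec-proposal AES256-SHA256
crypto map VPN-MAP interface outside
crypto ikev2 enable outside
tunnel-group 198.51.100.1 type ipsec-l2l
tunnel-group 198.51.100.1 ipsec-attributes
 ikev2 remote-authentication pre-shared-key ExamplePSK
 ikev2 local-authentication pre-shared-key ExamplePSK
route outside 0.0.0.0 0.0.0.0 203.0.113.2
!
! =============================== ASA-2 ===============================
! Same IKEv2 policy, IPsec proposal, "crypto map VPN-MAP interface outside" and
! "crypto ikev2 enable outside" as ASA-1; only the site-specific lines differ.
object network Site-2
 subnet 10.1.1.0 255.255.255.0
object network Site-2-VPN
 subnet 192.168.2.0 255.255.255.0
object network Site-1-VPN
 subnet 192.168.1.0 255.255.255.0
nat (inside,outside) source static Site-2 Site-2-VPN destination static Site-1-VPN Site-1-VPN
access-list VPN-ACL extended permit ip object Site-2-VPN object Site-1-VPN
crypto map VPN-MAP 10 match address VPN-ACL
crypto map VPN-MAP 10 set peer 203.0.113.1
crypto map VPN-MAP 10 set ikev2 ipsec-proposal AES256-SHA256
tunnel-group 203.0.113.1 type ipsec-l2l
tunnel-group 203.0.113.1 ipsec-attributes
 ikev2 remote-authentication pre-shared-key ExamplePSK
 ikev2 local-authentication pre-shared-key ExamplePSK
route outside 0.0.0.0 0.0.0.0 198.51.100.2
```

A host 10.1.1.10 at Site-1 reaches a Site-2 host as 192.168.2.10; ASA-1 rewrites the source to 192.168.1.10, the packet 192.168.1.10 -> 192.168.2.10 matches VPN-ACL and is encrypted, and ASA-2 un-translates the destination to its real 10.1.1.10. Verify on ASA-1 with `packet-tracer input inside tcp 10.1.1.10 12345 192.168.2.10 443`, which should show the Site-1 to Site-1-VPN translation in the NAT phase and an encrypt action in the VPN phase; `show nat detail` shows the hit counts on the twice-NAT rule, and `show crypto ikev2 sa` and `show crypto ipsec sa` confirm the tunnel and its selectors.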

Categories: Security
