[c-nsp] best way to get around IPSEC subnet Conflicts.

Brent Roberts brentrob at wirezsound.com
Mon Aug 15 12:42:43 EDT 2011


I have, and it's working across about 7 sites currently. Trouble is that the
same people that have 192.168.X.X always have the same dinky Firewalls that
won't do Source (one-to-one) NAT Across a VPN tunnel. The Setup is heavy
outbound (on our side) with a lot of ERP Printing to specific Printers.
Already done the multiple inline networks setup as well.

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Anton Yurchenko
Sent: Monday, August 15, 2011 9:12 AM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] best way to get around IPSEC subnet Conflicts.


Have you considered Source NATing remote side networks? It works fine for
most applications.

On 8/12/2011 12:53 PM, Brent Roberts wrote:
> I am looking for the best way to get around IP conflicts (On the Far 
> Side) in fully redundant Hardware solution. I am working in a large 
> Scale Hosted application environment and every 5th or so customer has 
> the same RFC1918 Address that every other small shop has. I have a 
> Pair of ASA 5520's (SEC-K9 8.2(2) in A/S) and it seems that I am either
> missing something or it
> may not be possible due to IPSEC priority. I typically use the 
> SET-Reverse Router and redistribute static via OSPF to the L3 Core.
>
>
>
> I was thinking about moving to a 6509 with redundant sup720's and 
> using IPSEC AWARE VRF's  (1x 7600-SSC-400/2xSPA-IPSEC-2G) to get 
> around this limitation. Any feedback on this idea? Negatives/Positives 
> of this setup? I am only looking to move about 100 meg aggregate of IPSec
> Traffic.
>
>
>
> Thoughts welcome on and off list.
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
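
The source-NAT approach suggested in this thread, sketched as an added example (not code from either poster and not ASA configuration): it plans which overlapping customer subnets get a unique translated prefix and how a single host, such as a customer printer, maps one-to-one. The pool `10.200.0.0/16`, the local range, the customer names and the function names are all assumptions made for illustration.

```python
import ipaddress

def plan_translations(customers, pool, local_nets=()):
    """Return {name: (real_net, presented_net)}; presented == real when no clash."""
    pool = ipaddress.ip_network(pool)
    used = [ipaddress.ip_network(n) for n in local_nets]
    plan = {}
    for name, cidr in customers.items():
        real = ipaddress.ip_network(cidr)
        presented = real
        if any(real.overlaps(u) for u in used):
            # Clash with our side or an earlier customer: take the first free
            # prefix of the same size from the NAT pool so host bits survive.
            free = (c for c in pool.subnets(new_prefix=real.prefixlen)
                    if not any(c.overlaps(u) for u in used))
            presented = next(free, None)
            if presented is None:
                raise ValueError(f"NAT pool exhausted for {name}")
        used.append(presented)
        plan[name] = (real, presented)
    return plan

def translate(addr, real, presented):
    """One-to-one NAT: keep the host offset, swap the network prefix."""
    addr = ipaddress.ip_address(addr)
    if addr not in real:
        raise ValueError(f"{addr} is not inside {real}")
    return presented.network_address + (int(addr) - int(real.network_address))

# Constructed sample data (hypothetical customers and ranges).
LOCAL_NETS = ["10.10.0.0/16"]          # hosting side, must never be shadowed
NAT_POOL = "10.200.0.0/16"             # block reserved for translated prefixes
CUSTOMERS = {
    "cust-a": "192.168.1.0/24",        # first user of this range, left as-is
    "cust-b": "192.168.1.0/24",        # exact duplicate of cust-a
    "cust-c": "192.168.0.0/23",        # partial overlap with cust-a
    "cust-d": "10.50.0.0/24",          # no clash
}
PLAN = plan_translations(CUSTOMERS, NAT_POOL, LOCAL_NETS)

if __name__ == "__main__":
    for name, (real, presented) in PLAN.items():
        note = "no NAT needed" if real == presented else f"present as {presented}"
        print(f"{name}: {real} -> {note}")
    # The same printer address at two customers resolves to two distinct targets.
    print(translate("192.168.1.50", *PLAN["cust-b"]))
    print(translate("192.168.1.50", *PLAN["cust-c"]))
```

The planned prefixes are what the hosting side would route and address; the translation itself still has to happen on a device that supports NAT across the tunnel, which is the constraint raised in the reply above.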
