[c-nsp] best way to get around IPSEC subnet Conflicts.

Roy r.engehausen at gmail.com
Mon Aug 15 18:05:03 EDT 2011



We use OpenVPN for such tunnels and put a Linux box at the customer 
end. That box can do both source and destination NAT.

On 8/12/2011 12:53 PM, Brent Roberts wrote:
> I am looking for the best way to get around IP conflicts (on the far side)
> in a fully redundant hardware solution. I am working in a large-scale hosted
> application environment and every 5th or so customer has the same RFC1918
> address that every other small shop has. I have a pair of ASA 5520s (SEC-K9
> 8.2(2) in A/S) and it seems that I am either missing something or it may not
> be possible due to IPSEC priority. I typically use the SET-Reverse Router
> and redistribute static via OSPF to the L3 Core.
>
>
>
> I was thinking about moving to a 6509 with redundant sup720s and using
> IPSEC-aware VRFs (1x 7600-SSC-400/2xSPA-IPSEC-2G) to get around this
> limitation. Any feedback on this idea? Negatives/positives of this setup? I
> am only looking to move about 100 meg aggregate of IPSec traffic.
>
>
>
> Thoughts welcome on and off list.
>
>
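One way the source and destination NAT mentioned in the reply could be laid out, as an added example that is not from the original thread: each customer LAN gets a unique alias subnet, and the customer-end Linux box maps real to alias 1:1 with the iptables `NETMAP` target. The alias pool `10.200.0.0/16`, the interface name `tun0` and the customer names are assumptions.

```python
import ipaddress

# Assumptions (not from the thread): alias block and tunnel interface name.
ALIAS_POOL = ipaddress.ip_network("10.200.0.0/16")
TUNNEL_IF = "tun0"


def allocate_aliases(customer_lans, pool=ALIAS_POOL):
    """Give each customer LAN (which may overlap others) a unique alias subnet."""
    used, aliases = [], {}
    for name in sorted(customer_lans):
        lan = ipaddress.ip_network(customer_lans[name])
        if lan.prefixlen < pool.prefixlen:
            raise ValueError(f"{name}: {lan} is larger than the alias pool")
        for candidate in pool.subnets(new_prefix=lan.prefixlen):
            if not any(candidate.overlaps(u) for u in used):
                used.append(candidate)
                aliases[name] = candidate
                break
        else:
            raise ValueError(f"alias pool exhausted at {name}")
    return aliases


def netmap_rules(lan, alias, tunnel_if=TUNNEL_IF):
    """Rules for the customer-end Linux box: 1:1 map real LAN <-> alias."""
    lan = ipaddress.ip_network(lan)
    nat = "iptables -t nat -A"
    return [
        # Source NAT: LAN hosts reach the hosting side under the alias.
        f"{nat} POSTROUTING -o {tunnel_if} -s {lan} -j NETMAP --to {alias}",
        # Destination NAT: traffic sent to the alias reaches the real host.
        f"{nat} PREROUTING -i {tunnel_if} -d {alias} -j NETMAP --to {lan}",
    ]


def translate(addr, lan, alias):
    """Address under which the hosting side sees a LAN host (host bits kept)."""
    lan = ipaddress.ip_network(lan)
    offset = int(ipaddress.ip_address(addr)) - int(lan.network_address)
    if not 0 <= offset < lan.num_addresses:
        raise ValueError(f"{addr} is not in {lan}")
    return alias.network_address + offset


if __name__ == "__main__":
    # Constructed sample: two customers using the same RFC1918 LAN.
    sites = {"cust-a": "192.168.1.0/24", "cust-b": "192.168.1.0/24"}
    for name, alias in allocate_aliases(sites).items():
        print(f"# {name}: {sites[name]} <-> {alias}", *netmap_rules(sites[name], alias), sep="\n")
```

The hosting side then routes and filters on the alias subnets only, so two customers with the same real LAN never collide in its routing table.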


