I have, and it's working across about 7 sites currently. Trouble is that the same people that have 192.168.X.X always have the same dinky firewalls that won't do Source (one-to-one) NAT across a VPN tunnel. The setup is heavy outbound (on our side) with a lot of ERP printing to specific printers. Already done the multiple inline networks setup as well.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Anton Yurchenko
Sent: Monday, August 15, 2011 9:12 AM
To: [email protected]
Subject: Re: [c-nsp] best way to get around IPSEC subnet Conflicts.

Have you considered Source NATing remote side networks? It works fine for most applications.

On 8/12/2011 12:53 PM, Brent Roberts wrote:
> I am looking for the best way to get around IP conflicts (On the Far
> Side) in fully redundant Hardware solution. I am working in a large
> Scale Hosted application environment and every 5th or so customer has
> the same RFC1918 Address that every other small shop has. I have a
> Pair of ASA 5520's (SEC-K9 8.2(2) in A/S) and it seems that I am
> either missing something or it may not be possible due to IPSEC
> priority. I typically use the SET-Reverse Router and redistribute
> static via OSPF to the L3 Core.
>
> I was thinking about moving to a 6509 with redundant sup720's and
> using IPSEC AWARE VRF's (1x 7600-SSC-400/2xSPA-IPSEC-2G) to get
> around this limitation. Any feedback on this idea. Negative/Positives
> of this setup? I am only looking to move about 100 meg aggregate of
> IPSec Traffic.
>
> Thoughts welcome on and off list.
>
> _______________________________________________
> cisco-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
