Configure 2x L2L VPN with same remote VPN peer

Hello Rene,

Is it possible to configure 2 L2L VPNs with the same remote VPN peer?

I mean I have 3 ASAs (HQ ASA, 2 remote ASAs).
Remote ASA1 has a local LAN 192.168.1.0/24
Remote ASA2 has a local LAN 192.168.1.0/24
HQ ASA has a local LAN 10.10.10.0/24

I know the source networks for an L2L VPN connection can be identical for every single L2L VPN in my configuration. Naturally, I know the destination networks can't overlap.

But how can I configure the HQ ASA to connect S2S VPNs with two remotes that have the same local IP range? The firewall will be confused about where it needs to send the traffic.

Any suggestions, please?

Thank you
Senan

Hi Senan,

This will cause issues. There is no way for your HQ ASA to differentiate which packets should go to remote SITE 1 or SITE 2.

You could solve this by configuring NAT on one of your remote sites, translating the VPN traffic to HQ.
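
The NAT approach suggested above, sketched as an added example that is not part of the original reply. It assumes ASA 8.3+ object NAT syntax, interfaces named inside and outside, and an unused subnet 192.168.2.0/24 chosen here as the translated range for remote ASA2; all object, ACL and crypto map names are hypothetical, and the existing tunnel settings (peer, transform set, tunnel-group) are left out.

```cisco
! ===== Remote ASA2 =====
! Real LAN, the translated range HQ will see, and the HQ LAN.
object network LAN_REAL
 subnet 192.168.1.0 255.255.255.0
object network LAN_MAPPED
 subnet 192.168.2.0 255.255.255.0
object network HQ_LAN
 subnet 10.10.10.0 255.255.255.0
!
! Twice NAT: static one-to-one translation of 192.168.1.x to 192.168.2.x,
! applied only to traffic destined for the HQ LAN.
nat (inside,outside) source static LAN_REAL LAN_MAPPED destination static HQ_LAN HQ_LAN
!
! NAT is applied before the crypto ACL is checked, so the interesting
! traffic must match the translated source, not the real one.
access-list VPN_TO_HQ extended permit ip 192.168.2.0 255.255.255.0 10.10.10.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address VPN_TO_HQ
!
! ===== HQ ASA =====
! One crypto ACL per remote site; the destinations no longer overlap.
access-list VPN_TO_ASA1 extended permit ip 10.10.10.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list VPN_TO_ASA2 extended permit ip 10.10.10.0 255.255.255.0 192.168.2.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address VPN_TO_ASA1
crypto map OUTSIDE_MAP 20 match address VPN_TO_ASA2
```

With this in place, hosts at HQ reach remote site 2 by addressing 192.168.2.x, while remote site 1 keeps its real 192.168.1.x addresses.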