IP addressing design is a topic that follows every networker from the basic to the architect level of experience. Usually we just pick a random range from RFC1918 and address all the devices. But then VPN happens, and with VPN comes the risk of overlapping. How do we fix overlapping? With NAT of course! In this post I’ll show how to use twice NAT to allow VPN connections with overlapping addresses.
Platform: CISCO2921 IOS version: 15.3(3)M5 Load the anyconnect package on the flash of the router and configure anyconnect client package (be patient, this may take a while…): crypto vpn anyconnect flash0:/webvpn/anyconnect-win-4.1.04011-k9.pkg sequence 1 SSLVPN Package SSL-VPN-Client (seq:1): installed successfully Create a virtual template, that’s the interface the VPN clients will attach to: interface Virtual-Template1 ip address 172.31.255.254 255.255.255.0 Create a local pool to assign IP addresses to VPN clients:
Today a customer called to change the IP address of a L2L VPN peer on his Cisco ASA 8.3(2)4. The task can be divided in 3 steps: 1) Get the VPN password. It should be written somewhere in the network documentation, as stated by rule 7, but you know, password sometimes just get lost. 2) Find and update crypto map asa# sh run | b peer 184.108.40.206 You should get a line like