VPN – NAT with VPN Site to Site and Remote LANs with same IP address

cisco-asa; ipsec; nat; vpn

I have an ASA5510 to connect clients to my company. I use a site-to-site IPSec VPN with a variety of vendors on the other side (Cisco, Sonicwall, Zyxel, Checkpoint, etc.).

For every remote LAN, I translate the client network into a single IP address; for instance:

  • Client1 192.168.1.0/24 Dynamic PAT (hide) a.b.c.1/24
  • Client2 172.16.0.0/16 Dynamic PAT (hide) a.b.c.2/24
  • Client3 172.17.4.0/26 Dynamic PAT (hide) a.b.c.3/24

Everything is working fine with the current configuration, but now I have a new client (ClientN) with the same IP addressing as Client1.
I tried "ClientN 192.168.1.0/24 Dynamic PAT (hide) a.b.c.n/24", but when I did it Client1 lost the connection and I had to remove ClientN's network…

Do you have an idea how to permit the same remote IP addresses to use the VPN?

I use ASDM to set up the ASA.

Best Answer

If your ASA supports multiple contexts, you can try that. This means you will virtualize your ASA. You can have some clients in one context and others in another context.
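The grouping suggested in the answer can be planned before touching the firewall. The following is an added example, not part of the original question or answer: it takes the remote LANs listed in the question, reports which ones overlap, and assigns clients to contexts so that no context holds two overlapping networks. The function names and the list-of-contexts layout are assumptions made for illustration; the script emits no ASA configuration.

```python
import ipaddress

# Remote LANs as listed in the question; ClientN reuses Client1's range.
CLIENTS = {
    "Client1": "192.168.1.0/24",
    "Client2": "172.16.0.0/16",
    "Client3": "172.17.4.0/26",
    "ClientN": "192.168.1.0/24",
}


def _parse(clients):
    # strict=False tolerates entries typed with host bits set (e.g. 192.168.1.5/24).
    return {name: ipaddress.ip_network(cidr, strict=False)
            for name, cidr in clients.items()}


def find_overlaps(clients):
    """Return (a, b) pairs of clients whose remote LANs overlap, fully or partially."""
    nets = _parse(clients)
    names = list(nets)
    return [(a, b)
            for i, a in enumerate(names)
            for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def assign_contexts(clients):
    """Place each client in the first context that holds no overlapping LAN.

    Greedy first-fit: the result is always conflict-free, though not
    guaranteed to use the minimum possible number of contexts.
    """
    nets = _parse(clients)
    contexts = []  # each entry is the list of client names in one context
    for name, net in nets.items():
        for ctx in contexts:
            if not any(net.overlaps(nets[other]) for other in ctx):
                ctx.append(name)
                break
        else:
            contexts.append([name])
    return contexts


if __name__ == "__main__":
    for a, b in find_overlaps(CLIENTS):
        print(f"overlap: {a} and {b}")
    for i, ctx in enumerate(assign_contexts(CLIENTS), start=1):
        print(f"context {i}: {', '.join(ctx)}")
```

Running it on the four clients above puts Client1, Client2 and Client3 in one context and ClientN alone in a second one.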