VPN
Configuring a Site-to-Site VPN
Cisco ISA500 Series Integrated Security Appliances Administration Guide
Figure 4 Networking Example that Simulates Two Merging Companies
with the Same IP Addressing Scheme
In this example, when the host 172.16.1.2 at Site A accesses the same
IP-addressed host at Site B, it connects to a 172.19.1.2 address rather than to
the actual 172.16.1.2 address. When the host at Site B accesses Site A, it
connects to a 172.18.1.2 address. NAT on Router A translates any 172.16.x.x
address to look like the matching 172.18.x.x host entry. NAT on the ISA500
changes 172.16.x.x to look like 172.19.x.x.
NOTE: This configuration only allows the two networks to communicate. It
does not allow for Internet connectivity. You need additional paths to the
Internet for connectivity to locations other than the two sites; in other words,
you need to add another router or firewall on each side, with multiple routes
configured on the hosts.
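The following Python sketch is an added example, not part of the Cisco guide. It traces a packet through both NAT devices to show which source and destination addresses appear at each hop. It assumes the "x.x" ranges are /16 prefixes and that each device performs a static 1:1 mapping that preserves the host portion; the function names are hypothetical.

```python
import ipaddress

# Assumption: "x.x" in the guide is read as a /16 prefix on every network.
LOCAL = ipaddress.ip_network("172.16.0.0/16")   # real addressing at both sites
POOL_A = ipaddress.ip_network("172.18.0.0/16")  # how Site A hosts appear to Site B
POOL_B = ipaddress.ip_network("172.19.0.0/16")  # how Site B hosts appear to Site A


def remap(addr, src_net, dst_net):
    """Static 1:1 translation: swap the prefix, keep the host bits."""
    ip = ipaddress.ip_address(addr)
    if ip not in src_net:
        return str(ip)  # outside the translated range: pass through unchanged
    offset = int(ip) - int(src_net.network_address)
    return str(dst_net.network_address + offset)


def nat_device(packet, own_pool, outbound):
    """Model one NAT device (Router A or the ISA500).

    Outbound: the packet leaves the local site, so the real source is hidden
    behind the device's pool. Inbound: a destination in the device's pool is
    mapped back to the real local host.
    """
    src, dst = packet
    if outbound:
        return (remap(src, LOCAL, own_pool), dst)
    return (src, remap(dst, own_pool, LOCAL))


def site_a_to_site_b(packet):
    """Return the (src, dst) pair seen at each hop, Site A towards Site B."""
    on_tunnel = nat_device(packet, POOL_A, outbound=True)      # Router A
    delivered = nat_device(on_tunnel, POOL_B, outbound=False)  # ISA500
    return [packet, on_tunnel, delivered]


def site_b_to_site_a(packet):
    on_tunnel = nat_device(packet, POOL_B, outbound=True)      # ISA500
    delivered = nat_device(on_tunnel, POOL_A, outbound=False)  # Router A
    return [packet, on_tunnel, delivered]


if __name__ == "__main__":
    for hop in site_a_to_site_b(("172.16.1.2", "172.19.1.2")):
        print("A->B", hop)
    for hop in site_b_to_site_a(("172.16.1.2", "172.18.1.2")):
        print("B->A", hop)
```

Between the two devices only 172.18.x.x and 172.19.x.x addresses are visible, so neither side ever sees the overlapping 172.16.x.x range from the remote site.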
• IKE Policy: Choose the IKE policy used for the IPsec VPN policy. You can
click IKE Policy Link to maintain the IKE policies, but save your settings on
this page first.
• Transform: Choose the transform set used for the IPsec VPN policy. You can
click Transform Link to maintain the transform policies, but save your
settings on this page first.
[Figure 4 labels: Site A host 172.16.1.2; Router A 172.16.1.1, 10.5.76.58, NAT pool 172.18.x.x; ISA500 10.5.76.57, 172.16.1.1, NAT pool 172.19.x.x; Site B host 172.16.1.2]