PIX-PIX Site-to-Site VPN - SAME INTERNAL CLASS C's

Status
Not open for further replies.

rb1kenobi

MIS
Jun 29, 2004
5
CA
Hey all.
I've got an interesting scenario.
I'm quite experienced in site-to-site VPNs with the Pix.
However, I now have a situation where I want to connect to sites which are using the SAME internal Class "C" (192.168.1.x of course!).
For reasons I won't get into, changing the internal networks is not an option.
I'm thinking I could do some funky NAT translation on one side? I'm used to NOT NAT'ing VPN traffic for obvious reasons. Has anyone tried this before? Am I on glue?? Any advice, sample configs appreciated.

Thanks!
 
Hi,
You have to perform "double NAT" on both ends of the tunnels. It is a pain in the ass to set up. I've set up quite a few and if you're not careful, you can bring down your network altogether.

I would strongly suggest that you throw away the Pix firewall and go with Checkpoint Firewall. Setting up site-to-site VPN, especially with the same internal addresses on both ends, is much easier with Checkpoint than with Cisco Pix firewall. Cisco Pix is overrated and it just sucks.

Pix 7.x is a big improvement over 6.3.x but it still sucks in comparison to Checkpoint.

my 2c.

wirelesspeap
CCIE Security
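A sketch of the "double NAT" the reply describes, as an added example that is not part of either post: a PIX 6.3-style config for Site A that uses policy NAT to present its real 192.168.1.0/24 to the tunnel as 10.1.1.0/24, while hosts at Site A address Site B's hosts as 10.2.2.0/24. The mapped ranges, ACL and crypto map names, and the angle-bracket placeholders are assumptions; Site B applies the mirror image with the two mapped ranges swapped.

```cisco
! Site A PIX (6.3): real inside network 192.168.1.0/24 (same as Site B's).
! Assumed mapped ranges: Site A appears as 10.1.1.0/24, Site B appears as 10.2.2.0/24.
! Site A users must reach Site B hosts as 10.2.2.x, never as 192.168.1.x.

! Policy NAT: translate inside hosts to 10.1.1.0/24 only when they talk to Site B's mapped range.
! (Per-host one-to-one mapping, so 192.168.1.50 becomes 10.1.1.50 on the tunnel.)
access-list POLICY_NAT_TO_B permit ip 192.168.1.0 255.255.255.0 10.2.2.0 255.255.255.0
static (inside,outside) 10.1.1.0 access-list POLICY_NAT_TO_B

! Crypto ACL matches the TRANSLATED source, because NAT is applied before encryption.
! Do not also list this traffic in a nat 0 (no-NAT) ACL, or the translation is bypassed
! and both ends will see 192.168.1.x <-> 192.168.1.x, which cannot be routed.
access-list CRYPTO_TO_B permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0

sysopt connection permit-ipsec
crypto ipsec transform-set STRONG esp-aes-256 esp-sha-hmac
crypto map VPNMAP 10 ipsec-isakmp
crypto map VPNMAP 10 match address CRYPTO_TO_B
crypto map VPNMAP 10 set peer <SITE_B_PUBLIC_IP>
crypto map VPNMAP 10 set transform-set STRONG
crypto map VPNMAP interface outside

isakmp enable outside
isakmp key <PRESHARED_KEY> address <SITE_B_PUBLIC_IP> netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
```

On Site B the static maps 192.168.1.0/24 to 10.2.2.0/24 for traffic to 10.1.1.0/24, and its crypto ACL is `permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0`, the exact mirror of Site A's; verify with `show xlate` and `show crypto ipsec sa` that the tunnel only ever carries the mapped addresses.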
 