Configuring VPN with same subnet on both ends

Unanswered Question
Jul 1st, 2008

I have Cisco ASAs at both locations and want to establish a site-to-site VPN with the same subnet on both sides. The reason for setting up the same subnet at both locations is that I am planning to set up MS-Exchange Server 2000, one as Primary at Location-A and a Secondary at Location-B; in this configuration they sync with each other only when they fall under the same subnet. One server I will be placing in Location-A & the IP is On Location-B Secondary MS-Exchange IP is requirement, when I ping the Primary Server from Location-A it has to ping Location-B's MS-Exchange Server.

Any idea how to set up a same-subnet VPN on a Cisco ASA?



Never heard of that before, never done it, but you could try splitting the subnet up, say into /128, then you could have 1 half on site A, the other half on site B.

The routing/VPN devices can handle the traffic. You would just configure a /24 on the server NIC cards, so they would still think they were on the same wire?


Anand S Fri, 07/04/2008 - 07:02

Hey Andrew,

The answer is so excellent. Thank you so much, I never even thought about this. Thank you so much once again.

singhsaju Mon, 07/07/2008 - 11:00


Though it seems it might work, there could be a routing issue here, as the packets will stay on one side of the VPN because they will see the Site B Exchange server as locally present.


singhsaju Tue, 07/08/2008 - 11:45

What I mean is that if you configure a /24 IP address on Exchange server A and it needs to talk to Exchange server B (which has a same-subnet /24 IP address), then those packets will never go beyond the gateway (the ASA doing IPsec VPN).


Daniel Voicu Tue, 07/08/2008 - 23:48

From my information you cannot do this kind of setup.

Please also remember that on a Cisco device, connected subnets have a better administrative distance than static routes. So the router/firewall/switch will not take into consideration a route for the /24 over the VPN if the /24 is directly connected.

What you can do is enable parts of that /24 over the VPN (as /25, /26 ... /32) and locally configure a subnet that is also smaller than /24, so that no overlapping takes place.

Please rate if this helped.
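
The forwarding decisions discussed in the replies above, as an added sketch that is not part of any post in the thread: a simplified Python model of how a host chooses between on-link delivery and its gateway, and how a router prefers the longest matching prefix and then the lowest administrative distance. The 192.168.10.0/24 addressing, the interface labels and the helper functions are constructed for illustration and are not ASA configuration.

```python
import ipaddress

CONNECTED, STATIC = 0, 1  # Cisco default administrative distances

def host_next_hop(iface, dst, gateway):
    """Host decision: ARP directly for on-link destinations, else use the gateway."""
    net = ipaddress.ip_interface(iface).network
    return "on-link" if ipaddress.ip_address(dst) in net else gateway

def route_lookup(routes, dst):
    """Router decision: longest matching prefix wins, then lowest admin distance."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), ad, out) for p, ad, out in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[1]))[2]

# Constructed addressing: Exchange A at Site A, Exchange B at Site B.
EXCH_A, EXCH_B, ASA_A_INSIDE = "192.168.10.10", "192.168.10.200", "192.168.10.1"

def scenarios():
    # Same /24 connected locally and routed over the VPN: the connected route wins.
    overlap = [("192.168.10.0/24", CONNECTED, "inside"),
               ("192.168.10.0/24", STATIC, "vpn")]
    # /24 split into two /25s: the remote half no longer overlaps the local one.
    split = [("192.168.10.0/25", CONNECTED, "inside"),
             ("192.168.10.128/25", STATIC, "vpn")]
    return {
        # Server keeps a /24 mask: peer looks local, packet never reaches the ASA.
        "host_a_mask24": host_next_hop(EXCH_A + "/24", EXCH_B, ASA_A_INSIDE),
        # Server uses a /25 mask: peer is off-link, packet goes to the gateway.
        "host_a_mask25": host_next_hop(EXCH_A + "/25", EXCH_B, ASA_A_INSIDE),
        "asa_a_overlap": route_lookup(overlap, EXCH_B),
        "asa_a_split": route_lookup(split, EXCH_B),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:14} -> {result}")
```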



