07-01-2008 04:26 PM - edited 02-21-2020 03:47 PM
I have Cisco ASAs at both locations and want to establish a site-to-site VPN with the same subnet on both sides. The reason for setting up the same subnet at both locations is that I am planning to set up MS-Exchange Server 2000, one as Primary in Location-A and one as Secondary in Location-B; this configuration requires them to sync with each other only when they fall under the same subnet. One server I will be placing in Location-A, and its IP is 192.168.1.1. In Location-B, the Secondary MS-Exchange IP is 192.168.1.2. Requirement: when I ping 192.168.1.2 from the Primary Server in Location-A, it has to reach Location-B's MS-Exchange Server.
Any idea how to set up a same-subnet VPN on Cisco ASA?
07-04-2008 06:11 AM
Anand,
Never heard of that before, never done it, but you could try splitting the subnet up, say into /128, then you could have one half on site A and the other half on site B.
The routing/VPN devices can handle the traffic. You would just configure a /24 on the server NIC cards, so they would still think they were on the same wire?
HTH.
07-04-2008 07:02 AM
Hey Andrew,
The answer is so excellent. Thank you so much, I never even thought about this. Thank you so much once again.
07-04-2008 07:11 AM
Hey Anand,
Not a problem, glad to help - reply to let us know how it goes, and if it works.
07-07-2008 11:00 AM
Andrew,
It seems it might work, but there could be a routing issue here, as the packets will stay on one side of the VPN because they will see the Site B Exchange server as locally present.
Saju
07-08-2008 06:06 AM
Saju,
I have been on vacation. I'm not sure I understand: if Exchange server A is in the site A subnet, and Exchange server B is in the site B subnet, what would see it as locally present?
07-08-2008 11:45 AM
What I mean is that if you configure a /24 IP address on Exchange server A, and it needs to talk to Exchange server B (which has an IP address in the same /24 subnet), then those packets will never go beyond the gateway (the ASA doing the IPsec VPN).
Saju
07-08-2008 11:07 PM
By default "ip proxy-arp" is enabled on routers; if you have not disabled it, the above issue should not be a problem.
07-08-2008 11:48 PM
From my information you cannot do this kind of setup.
Please also remember that on a Cisco device, connected subnets have a better administrative distance than static routes. So the router/firewall/switch will not take into consideration a route for the /24 over the VPN if the /24 is directly connected.
What you can do is enable parts of that /24 over the VPN (as /25, /26 ... /32) and locally configure a subnet that is also smaller than /24, so that no overlapping takes place.
Please rate if this helped.
Regards,
Daniel
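The two points raised in the replies above (a host with a /24 mask treats the peer as on-link, and the connected subnet must not overlap the subnet sent over the VPN), checked against the addresses from the question. This is an added example, not part of the thread; the function names are hypothetical and it uses only Python's standard `ipaddress` module.

```python
import ipaddress

def is_on_link(host_if: str, dst: str) -> bool:
    """True if a host configured as host_if (address/prefix) considers dst
    on-link: it ARPs for dst itself and never hands the packet to its gateway."""
    return ipaddress.ip_address(dst) in ipaddress.ip_interface(host_if).network

def overlaps(connected: str, remote: str) -> bool:
    """True if the locally connected subnet overlaps the subnet routed over the VPN."""
    return ipaddress.ip_network(connected).overlaps(ipaddress.ip_network(remote))

def first_separating_split(parent: str, a: str, b: str):
    """Shortest prefix inside parent that puts hosts a and b in different,
    non-overlapping subnets. Returns (subnet_of_a, subnet_of_b) or None."""
    net = ipaddress.ip_network(parent)
    for addr in (a, b):
        if ipaddress.ip_address(addr) not in net:
            raise ValueError(f"{addr} is not inside {parent}")
    for plen in range(net.prefixlen + 1, net.max_prefixlen + 1):
        sub_a = ipaddress.ip_network(f"{a}/{plen}", strict=False)
        sub_b = ipaddress.ip_network(f"{b}/{plen}", strict=False)
        if sub_a != sub_b:
            return sub_a, sub_b
    return None

if __name__ == "__main__":
    # Addresses from the thread: Exchange A = 192.168.1.1, Exchange B = 192.168.1.2
    a, b, lan = "192.168.1.1", "192.168.1.2", "192.168.1.0/24"
    print("A with a /24 mask treats B as on-link:", is_on_link(f"{a}/24", b))
    print("connected /24 overlaps remote /25:", overlaps(lan, "192.168.1.128/25"))
    print("the two /25 halves overlap:", overlaps("192.168.1.0/25", "192.168.1.128/25"))
    print("A with a /25 mask still treats B as on-link:", is_on_link(f"{a}/25", b))
    sub_a, sub_b = first_separating_split(lan, a, b)
    print("first split that separates the servers:", sub_a, "and", sub_b)
```

With the two addresses from the question, a /25 split leaves both servers in the same half; the first prefix length that puts them in different subnets is /31.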