07-01-2008 04:26 PM - edited 02-21-2020 03:47 PM
I have a Cisco ASA at both locations and want to establish a site-to-site VPN with the same subnet. The reason for setting up the same subnet at both locations is that I am planning to set up MS-Exchange Server 2000, one as Primary at Location-A and one as Secondary at Location-B; this configuration requires that they sync with each other only when they fall under the same subnet. One server I will place in Location-A, and its IP is 192.168.1.1. At Location-B the Secondary MS-Exchange IP is 192.168.1.2. The requirement: when I ping 192.168.1.2 from the Primary Server at Location-A, the ping has to reach Location-B's MS-Exchange Server.
Any idea how to set up a same-subnet VPN on Cisco ASA?
07-04-2008 06:11 AM
Anand,
Never heard of that before, never done it, but you could try splitting the subnet up, say into /128, then you could have one half on site A and the other half on site B.
The routing/VPN devices can handle the traffic. You would just configure a /24 on the server NIC cards, so they would still think they were on the same wire?
HTH.
07-04-2008 07:02 AM
Hey Andrew,
The answer is so excellent. Thank you so much, I never even thought about this. Thank you so much once again.
07-04-2008 07:11 AM
Hey Anand,
Not a problem glad to help - reply to let us know how it goes, and if it works?
07-07-2008 11:00 AM
Andrew,
Though it seems it might work, there could be a routing issue here, as the packets will stay on one side of the VPN because they will see the Site B Exchange server as locally present.
Saju
07-08-2008 06:06 AM
Saju,
I have been on vacation. I'm not sure I understand: if Exchange server A is in the site A subnet, and Exchange server B is in the site B subnet, what would see it as locally present?
07-08-2008 11:45 AM
What I mean is that if you configure a /24 IP address on Exchange server A and it needs to talk to Exchange server B (which has a same-subnet /24 IP address), then those packets will never go beyond the gateway (the ASA doing IPsec VPN).
Saju
07-08-2008 11:07 PM
By default "ip proxy-arp" is enabled on routers, if you have not disabled it, the above issue should not be a problem.
07-08-2008 11:48 PM
From my information you cannot do this kind of setup.
Please also remember that on a Cisco device, connected subnets have a better administrative distance than static routes. So the router/firewall/switch will not take into consideration a route for the /24 over the VPN if the /24 is directly connected.
What you can do is enable parts of that /24 over the VPN (as /25, /26 ..../32) and locally configure a subnet also smaller than /24, so that no overlapping is taking place.
Please rate if this helped.
Regards,
Daniel
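Added example, not part of any post in this thread: a Python check of the two points raised above, using the thread's addresses. It tests whether a host with a given mask treats the peer as on-link, and finds the shortest prefix length that places the two servers in separate, non-overlapping pieces of the /24. The function names and the assumption that the shared range is 192.168.1.0/24 are illustrative.

```python
import ipaddress as ipa

SERVER_A = ipa.ip_address("192.168.1.1")    # Location-A server, from the thread
SERVER_B = ipa.ip_address("192.168.1.2")    # Location-B server, from the thread
SHARED = ipa.ip_network("192.168.1.0/24")   # assumed shared range at both sites


def on_link(src_ip, mask_len, dst_ip):
    """True if a host configured as src_ip/mask_len treats dst_ip as local,
    i.e. it ARPs for it instead of forwarding the packet to its gateway."""
    iface = ipa.ip_interface(f"{src_ip}/{mask_len}")
    return dst_ip in iface.network


def split_plan(shared, prefix_len, a, b):
    """Split `shared` into prefix_len-sized subnets and return the pair
    (subnet holding a, subnet holding b), or None if both share one piece."""
    pieces = list(shared.subnets(new_prefix=prefix_len))
    net_a = next(n for n in pieces if a in n)
    net_b = next(n for n in pieces if b in n)
    return None if net_a == net_b else (net_a, net_b)


def first_workable_split(shared, a, b):
    """Shortest prefix length (largest pieces) that separates a from b."""
    for plen in range(shared.prefixlen + 1, shared.max_prefixlen + 1):
        plan = split_plan(shared, plen, a, b)
        if plan:
            return plen, plan
    return None


if __name__ == "__main__":
    # With /24 masks on the NICs, server A considers server B on-link.
    print("A sees B as local with /24:", on_link(SERVER_A, 24, SERVER_B))
    # Halving the /24 leaves .1 and .2 in the same half.
    print("/25 split separates them:", split_plan(SHARED, 25, SERVER_A, SERVER_B) is not None)
    plen, (net_a, net_b) = first_workable_split(SHARED, SERVER_A, SERVER_B)
    print(f"first separating split: /{plen} -> site A {net_a}, site B {net_b}")
    print("pieces overlap:", net_a.overlaps(net_b))
    # The full /24 still overlaps the remote piece if it stays connected locally.
    print("local /24 overlaps remote piece:", SHARED.overlaps(net_b))
```

With .1 and .2 as the server addresses, every split from /25 to /30 keeps both servers in the same piece, so choosing addresses from different halves of the /24 is what makes a /25 split usable.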