
Network overlap?

Unanswered Question
Aug 10th, 2003

I have a 3015 concentrator at HQS and a 3002 hardware client at the site. We are using 124.15.202.202/16 at the concentrator private interface and 124.15.11.200/16 on the hardware client private side. I am running network extension mode on the hardware client. My tunnel comes up but I cannot ping anything at the HQS private side, which is 124.15.x.x/16. When I changed my address scheme at the site to 123.x.x.x/16, I was able to ping HQS devices and browse the HQS intranet. It works with any address but 124.15.x.x/16. Any idea why I am not able to browse or ping anything at the HQS side if I use a 124.15.x.x/16 or 24 or etc. subnet at the site? Thanks



When you use 124.15.202.202/16 and 124.15.11.200/16 on netblocks at both ends of the same VPN tunnel, you are using the same IP netspace in both locations - 124.15.x.x/16. Nothing will travel through the tunnel because all machines will think that all hosts numbered 124.15.x.x/16 are on the local subnet/network, and thus never hit the VPN device.

altaf007 Mon, 08/11/2003 - 06:50

I even used a different netmask at the hardware client private interface side but it still did not work. I used /24 at the hardware client. Thanks


Yes, but that doesn't matter. If you did not change anything on the HQ side, then all hosts there would continue to think that all hosts in the netblock are directly reachable, and thus those packets will not be sent to the default gateway:


1.2.0.0/16


1.2.0.1 is the default gateway. It has a route to the VPN device making the point-to-point IPsec tunnel.

1.2.0.2 is a server at HQ.

Even if you use 1.2.10.0/24 at the remote site, server 1.2.0.2 will think all hosts in that block are directly accessible as a result of *its* subnet mask being /16 (255.255.0.0), and thus will not send packets for them (1.2.10.0/24) to the default gateway.
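The forwarding decision described in the reply above, modelled as an added example that is not part of the original posts. The remote host 1.2.10.5, the remote gateway 1.2.10.1 and the 123.15.11.200 address are constructed for illustration; the other addresses come from the thread.

```python
import ipaddress

def next_hop(host_if, gateway, dest):
    """Model a host's choice: deliver on-link if dest is inside the host's
    own interface network, otherwise hand the packet to the default gateway."""
    iface = ipaddress.ip_interface(host_if)
    if ipaddress.ip_address(dest) in iface.network:
        return "on-link"          # host ARPs for dest; the gateway never sees it
    return f"via {gateway}"

def overlapping(site_a, site_b):
    """True if the networks behind the two tunnel endpoints share address space."""
    a = ipaddress.ip_interface(site_a).network
    b = ipaddress.ip_interface(site_b).network
    return a.overlaps(b)

def check_tunnel(hq_if, hq_gw, site_if, site_gw):
    """Return each side's decision for traffic towards the other side."""
    hq_host = str(ipaddress.ip_interface(hq_if).ip)
    site_host = str(ipaddress.ip_interface(site_if).ip)
    return {
        "overlap": overlapping(hq_if, site_if),
        "hq_to_site": next_hop(hq_if, hq_gw, site_host),
        "site_to_hq": next_hop(site_if, site_gw, hq_host),
    }

if __name__ == "__main__":
    # HQ server 1.2.0.2/16 from the reply; remote host and gateway are constructed.
    print(check_tunnel("1.2.0.2/16", "1.2.0.1", "1.2.10.5/24", "1.2.10.1"))
    # Addresses from the question: /16 on both sides, then /24 at the site.
    print(overlapping("124.15.202.202/16", "124.15.11.200/16"))
    print(overlapping("124.15.202.202/16", "124.15.11.200/24"))
    # Constructed address in the non-overlapping 123.x.x.x/16 scheme.
    print(overlapping("124.15.202.202/16", "123.15.11.200/16"))
```

With the /24 at the remote site, the remote host does send to its gateway, but the HQ server treats the reply destination as on-link, so the return traffic never reaches the tunnel.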

