Is it possible to set up a VPN with the same subnet at both ends? For example, router 1 FA0/0 interface IP address 10.1.1.10 255.255.255.0, serial interface 192.168.100.1 255.255.255.0. Router 2 FA0/0 interface 10.1.1.20 255.255.255.0, serial interface 192.168.100.2 255.255.255.0. I need to connect the 10.1.1.x subnet through the 192.168.100.x link to connect a remote office to the main office.
Any help will be greatly appreciated.
Yes, you can do this. Attached is a document that will take you through it step by step.
I just edited the post in which I had stated that you can't do IPSEC when overlapping addresses are in use. Though it's true in a straightforward scenario because of reasons I cited. However, Jon has posted a link that offers a workaround (NAT w/IPSEC) to this problem.
Jon that's a good link you have provided.
You probably do not have a crypto image, it would have k9 embedded in the filename of the IOS, running in the router to do IPSEC. Use software advisor on CCO to select the IOS that supports IPSEC functionality. Here's one that supports IPSEC c2600-jk9s-mz.12.2-46a.
If I recall, and someone correct me if I am wrong. But you will need to have a 2600XM router to support the k9 IOS's. This is due to the memory restrictions on the 2600 routers. They only support a max of 16/64 flash/dram. You will need a 2600XM router in order to upgrade the memory that will be required to download the newer IOS images that support the crypto command set.
Don't have those. Does anybody else have any suggestions?
This whole exercise is an attempt to manage routers across a serial link from a single point of contact. Both sides of the link are on a 10.1.1.x network because of a wireless mesh configuration.
Actually 2621 supports up to 32mb flash. Even if you only have a 16mb flash card there's a workaround available to run a crypto image. Check out this link for the workaround.