Cisco Support Community

Configuring VPN with same subnet on both the end

I have a Cisco ASA at both locations and want to establish a site-to-site VPN with the same subnet on both ends. The reason for setting up the same subnet at both locations is that I am planning to set up MS-Exchange Server 2000, one as Primary at Location-A and one as Secondary at Location-B; this configuration requires them to sync with each other only when they fall under the same subnet. One server I will be placing in Location-A, and its IP is 192.168.1.1. At Location-B the Secondary MS-Exchange IP is 192.168.1.2. The requirement: when I ping 192.168.1.2 from the Primary Server at Location-A, it has to reach Location-B's MS-Exchange Server.

Any idea how to set up a same-subnet VPN on a Cisco ASA?

8 REPLIES

Re: Configuring VPN with same subnet on both the end

Anand,

Never heard of that before, never done it, but you could try splitting the subnet up, say into /128, then you could have one half on site A, the other half on site B.

The routing/VPN devices can handle the traffic. You would just configure a /24 on the server NIC cards, so they would still think they were on the same wire?

HTH.

Re: Configuring VPN with same subnet on both the end

Hey Andrew,

The answer is so excellent. Thank you so much, I never even thought about this. Thank you so much once again.

Re: Configuring VPN with same subnet on both the end

Hey Anand,

Not a problem, glad to help. Reply to let us know how it goes, and if it works.


Re: Configuring VPN with same subnet on both the end

Andrew,

Though it seems it might work, there could be a routing issue here, as the packets will stay on one side of the VPN because they will see the Site B Exchange server as locally present.

Saju

Re: Configuring VPN with same subnet on both the end

Saju,

I have been on vacation. I'm not sure I understand: if exchange server A is in the site A subnet and exchange server B is in the site B subnet, what would see it as locally present?


Re: Configuring VPN with same subnet on both the end

What I mean is that if you configure a /24 IP address on Exchange server A and it needs to talk to Exchange server B (which has a /24 IP address in the same subnet), then those packets will never go beyond the gateway (the ASA doing IPsec VPN).

Saju

Re: Configuring VPN with same subnet on both the end

By default "ip proxy-arp" is enabled on routers; if you have not disabled it, the above issue should not be a problem.

Re: Configuring VPN with same subnet on both the end

From my information you cannot do this kind of setup.

Please also remember that on a Cisco device, connected subnets have a better administrative distance than static routes. So the router/firewall/switch will not take into consideration a route for the /24 over the VPN if the /24 is directly connected.

What you can do is enable parts of that /24 over the VPN (as /25, /26, ... /32) and locally configure a subnet that is also smaller than /24, so that no overlap takes place.

Please rate if this helped.

Regards,

Daniel
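
The two points raised in the replies above (a host with a /24 mask treats the other server as on-link, and a connected /24 is preferred over a static route for the same /24) can be checked with a small model. This is an added example, not code from any poster or from Cisco; the gateway address 192.168.1.254 and the interface labels `inside` and `vpn` are assumptions, and route selection is simplified to longest prefix first, then lowest administrative distance.

```python
import ipaddress

def host_next_hop(host_if, dst, gateway):
    """Forwarding decision an IP host makes from its own address and mask."""
    iface = ipaddress.ip_interface(host_if)
    if ipaddress.ip_address(dst) in iface.network:
        return "arp"   # on-link: the host ARPs for dst itself, gateway is not used
    return gateway     # off-link: the packet is handed to the default gateway

def first_separating_prefix(a, b):
    """Shortest prefix length at which a and b fall into different subnets."""
    diff = int(ipaddress.ip_address(a)) ^ int(ipaddress.ip_address(b))
    if diff == 0:
        raise ValueError("addresses are identical")
    return 32 - diff.bit_length() + 1

def select_route(routes, dst):
    """Simplified route selection: longest prefix wins, then lowest
    administrative distance (Cisco defaults: connected 0, static 1)."""
    dst_ip = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), ad, out) for p, ad, out in routes
               if dst_ip in ipaddress.ip_network(p)]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[1]))[2]

# Server addresses are from the thread; the gateway and the interface
# labels are assumptions made for this example.
SERVER_A, SERVER_B = "192.168.1.1", "192.168.1.2"
GATEWAY_A = "192.168.1.254"
OVERLAPPING = [("192.168.1.0/24", 0, "inside"),   # connected LAN at site A
               ("192.168.1.0/24", 1, "vpn")]      # static route for the same /24
WITH_HOST_ROUTE = OVERLAPPING + [("192.168.1.2/32", 1, "vpn")]

if __name__ == "__main__":
    print("host A /24 ->", host_next_hop(SERVER_A + "/24", SERVER_B, GATEWAY_A))
    print("host A /25 ->", host_next_hop(SERVER_A + "/25", SERVER_B, GATEWAY_A))
    print("first separating prefix: /%d" % first_separating_prefix(SERVER_A, SERVER_B))
    print("overlapping /24 ->", select_route(OVERLAPPING, SERVER_B))
    print("with /32 route  ->", select_route(WITH_HOST_ROUTE, SERVER_B))
```

With the addresses given in the question, 192.168.1.1 and 192.168.1.2 stay in the same subnet for every mask up to /30, so only the narrow end of the /25 to /32 range separates them unless one server is renumbered.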
