Cisco Support Community
New Member

Overlapping subnet mask in VPN configuration

Hi,

I have one VPN configured on a PIX 506-e 6.3(4) for a site whose remote local network is 192.168.128.0 255.255.255.0.

Now I have been told to configure a new VPN for another site, for which the remote LAN is 192.168.128.0 255.255.252.0.

When I configured this VPN, no traffic was generated and no VPN tunnel was created for the new site (192.168.128.0/22).

I found that a tunnel was created for the old site (192.168.128.0/24) and all packets are going over this route.

Is this due to the overlapping remote LANs, or have I missed some ACL configuration?

Please help me on this.

Many thanks in advance.

Siddhartha

2 REPLIES
Cisco Employee

Re: Overlapping subnet mask in VPN configuration

Siddhartha,

You have not missed anything. This is expected behavior with overlapping subnets, and this configuration is not supported in VPN for the very same reason that you are experiencing.

The best workaround would be to have one of the remote sites NAT their source IP when tunneling traffic to your network. So, you can build the L2L tunnel based upon the NATed IP address.

Similar Configuration:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949f1.shtml

I hope it helps.

Regards,

Arul

** Please rate all helpful posts **
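
The overlap described in this thread, as an added example that is not part of the original posts or any Cisco configuration: a Python check that flags overlapping remote networks across VPN peers and models which tunnel a destination would select. It assumes crypto entries are matched in ascending sequence order with the first match winning; the sequence numbers, peer names and the 10.99.128.0/22 NAT range are constructed for illustration.

```python
import ipaddress

def find_overlaps(entries):
    """entries: list of (seq, peer, remote_cidr). Return overlapping peer pairs
    together with the contested range (the more specific of the two networks)."""
    nets = [(peer, ipaddress.ip_network(cidr)) for _, peer, cidr in entries]
    pairs = []
    for i, (p1, n1) in enumerate(nets):
        for p2, n2 in nets[i + 1:]:
            if n1.overlaps(n2):
                # CIDR blocks are either nested or disjoint, so the overlap
                # is always the network with the longer prefix.
                contested = n1 if n1.prefixlen >= n2.prefixlen else n2
                pairs.append((p1, p2, str(contested)))
    return pairs

def select_tunnel(entries, dst):
    """Assumed model: entries are checked in ascending sequence number and
    the first entry whose remote network contains dst decides the peer."""
    addr = ipaddress.ip_address(dst)
    for _, peer, cidr in sorted(entries):
        if addr in ipaddress.ip_network(cidr):
            return peer
    return None

# Constructed sample mirroring the thread: /24 for the old site, /22 for the new one.
BEFORE = [(10, "old-site", "192.168.128.0/24"),
          (20, "new-site", "192.168.128.0/22")]
# Same two peers with the sequence order swapped.
SWAPPED = [(10, "new-site", "192.168.128.0/22"),
           (20, "old-site", "192.168.128.0/24")]
# After the workaround: the new site presents a NATed range (made-up value).
AFTER = [(10, "old-site", "192.168.128.0/24"),
         (20, "new-site", "10.99.128.0/22")]

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("swapped", SWAPPED), ("after", AFTER)):
        print(name, "overlaps:", find_overlaps(table))
        for dst in ("192.168.128.50", "192.168.129.50", "10.99.128.50"):
            print("  ", dst, "->", select_tunnel(table, dst))
```

In either ordering, 192.168.128.0/24 can reach only one of the two sites, which is why re-ordering the entries does not help and one side has to be translated.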

New Member

Re: Overlapping subnet mask in VPN configuration

Hi Arul,

Thanks a lot for the help.

Siddhartha
