Cisco Support Community
Community Member

Overlapping IP address between ezvpn uplink and corp internal network

Hi, all,

We have a lot of employees working from home. For those people, we send them the small 851Ws configured as an ezvpn client working in NEM mode. Those C851Ws will get a private DHCP address from the employee's home router (Linksys, Dlink, Airport, what have you). Since most home routers' default internal IP address is and our corp internal IP address is, the solution worked perfectly.

Now there is one employee whose home router's default internal IP address is also, the IPsec tunnel came up fine, but computers behind the C851W are painfully slow to access corp servers. I believe the root cause is that when traffic destined to corp address reaches the C851W, the traffic is not sent directly to the IPsec tunnel; instead, the C851W tries to route it locally.

Is there any way we can force traffic with destination to go to the IPsec tunnel automatically?



Re: Overlapping IP address between ezvpn uplink and corp interna

I believe you would need to look at the mask. Is the corp a /8 network? If so, then you will always have painful issues; however, if the mask is specific, then both networks should be completely different.

Community Member

Re: Overlapping IP address between ezvpn uplink and corp interna

Yes, split-tunnel is pushing /8 to ezvpn clients. It is easier to manage with a /8 mask, as new networks are constantly being added to the corp network.

Re: Overlapping IP address between ezvpn uplink and corp interna

Well, for instance, remember that connected networks always have an Administrative Distance of 0, so anything directly connected will be preferred all the time. As I can see, the only way to fix this would be to change the subnet on the local router. Now, this problem should also only be seen for networks or servers that overlap with the local network on the remote router. If the router also has a /8 then this of course will fail, but if it is a /24 or more specific it should not be a major issue for local hosts on the remote site, but it will be for hosts on the corp site if they all have a /8 net.
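Added example, not part of the thread and not Cisco code: a simplified Python model of the route selection discussed above (longest prefix first, then lowest administrative distance), useful for checking which corp destinations a client's uplink subnet would capture before a unit is shipped. The 10.x and 192.168.x prefixes are constructed sample values, and treating split-tunnel prefixes as distance-1 routes is a modelling assumption.

```python
import ipaddress

CONNECTED_AD = 0  # administrative distance of a directly connected network
TUNNEL_AD = 1     # assumption: split-tunnel prefixes modelled like static routes


def build_table(uplink_subnet, split_tunnel):
    """Client routing table as (network, distance, next-hop label) tuples."""
    table = [(ipaddress.ip_network(uplink_subnet), CONNECTED_AD, "local-uplink")]
    for prefix in split_tunnel:
        table.append((ipaddress.ip_network(prefix), TUNNEL_AD, "ipsec-tunnel"))
    return table


def lookup(table, dst):
    """Longest-prefix match; on equal prefix length the lower distance wins."""
    addr = ipaddress.ip_address(dst)
    matches = [route for route in table if addr in route[0]]
    if not matches:
        return "default"
    best = min(matches, key=lambda r: (-r[0].prefixlen, r[1]))
    return best[2]


def shadowed(uplink_subnet, split_tunnel):
    """Address blocks inside the split-tunnel list that stay on the uplink."""
    uplink = ipaddress.ip_network(uplink_subnet)
    hidden = []
    for prefix in map(ipaddress.ip_network, split_tunnel):
        # The connected route wins only when it is at least as specific
        # as the tunnel prefix it overlaps with.
        if uplink.overlaps(prefix) and uplink.prefixlen >= prefix.prefixlen:
            hidden.append(uplink)
    return hidden


if __name__ == "__main__":
    corp = ["10.0.0.0/8"]  # constructed: a /8 pushed by split-tunnel
    for home in ("192.168.1.0/24", "10.0.1.0/24", "10.0.0.0/8"):
        table = build_table(home, corp)
        print(home, "-> shadowed:", [str(n) for n in shadowed(home, corp)],
              "| 10.20.30.40 via", lookup(table, "10.20.30.40"))
```

With a /24 uplink only that /24 of the corp range is lost to the tunnel; with a /8 uplink the whole split-tunnel prefix is.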
