Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

VPN Tunnel Question: subnet masks

When a L2L tunnel is created do the subnet masks have to match on both ends for the allowed networks that can pass through the tunnel?

Here is what we allow on one end. network-object 10.49.10.0 255.255.255.0

Here is what is allowed on the other end. network-object 10.49.0.0 255.255.0.0

1 REPLY

Re: VPN Tunnel Question: subnet masks

Hi,

The interesting traffic needs to match on both ends to avoid any problems. Therefore both IP and masks need to match on both ends.

It does not make sense to specify a network with a subnet mask on one side and with a different mask on the other end.

Federico.

595
Views
0
Helpful
1
Replies
CreatePlease to create content