https://community.cisco.com/t5/network-security/overlapping-subnet-mask-in-vpn-configuration/m-p/690514#M1062890 <HTML><HEAD></HEAD><BODY><P>Siddhartha,</P><P></P><P>You have not missed anything. This is expected behavior with overlapping subnet and this configuration is not supported in VPN for the very same reason that you are experiencing. </P><P></P><P>The best workaround would be, to have one of the remote site NAT their source IP when tunneling traffic to your network. So, you can build the L2L Tunnel based upon the NATed IP Address. </P><P></P><P>Similar Configuration:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949f1.shtml" target="_blank">http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949f1.shtml</A></P><P></P><P>I hope it helps.</P><P></P><P>Regards,</P><P>Arul</P><P></P><P>** Please rate all helpful posts **</P><P></P><P></P><P></P><P></P></BODY></HTML> Thu, 02 Nov 2006 19:22:54 GMT ajagadee 2006-11-02T19:22:54Z https://community.cisco.com/t5/network-security/overlapping-subnet-mask-in-vpn-configuration/m-p/690513#M1062870 <P>Hi ,</P><P></P><P>I have one VPN configured over Pix 506-e 6.3(4) for a site with remolte local network is 192.168.128.0 255.255.255.0.</P><P></P><P>Now I have told to configure new VPN for another site for that the remote LAN is 192.168.128.0 255.255.252.0</P><P></P><P>When I configured this VPN no traffic was generated and no VPN tunnel created for New Site(192.168.128.0/22) .</P><P></P><P>I found that a tunnel created for Old site(192.168.128.0/24) and all packets are going on this route.</P><P></P><P>Is this due to overlapping of remote LAN or I have missed some ACL configuration.?</P><P></P><P>Please help me on this.</P><P></P><P>Many thanks in Advance.</P><P></P><P>Siddhartha </P> Fri, 21 Feb 2020 09:16:51 GMT https://community.cisco.com/t5/network-security/overlapping-subnet-mask-in-vpn-configuration/m-p/690513#M1062870 sid916207 2020-02-21T09:16:51Z https://community.cisco.com/t5/network-security/overlapping-subnet-mask-in-vpn-configuration/m-p/690514#M1062890 <HTML><HEAD></HEAD><BODY><P>Siddhartha,</P><P></P><P>You have not missed anything. This is expected behavior with overlapping subnet and this configuration is not supported in VPN for the very same reason that you are experiencing. </P><P></P><P>The best workaround would be, to have one of the remote site NAT their source IP when tunneling traffic to your network. So, you can build the L2L Tunnel based upon the NATed IP Address. </P><P></P><P>Similar Configuration:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949f1.shtml" target="_blank">http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949f1.shtml</A></P><P></P><P>I hope it helps.</P><P></P><P>Regards,</P><P>Arul</P><P></P><P>** Please rate all helpful posts **</P><P></P><P></P><P></P><P></P></BODY></HTML> Thu, 02 Nov 2006 19:22:54 GMT https://community.cisco.com/t5/network-security/overlapping-subnet-mask-in-vpn-configuration/m-p/690514#M1062890 ajagadee 2006-11-02T19:22:54Z https://community.cisco.com/t5/network-security/overlapping-subnet-mask-in-vpn-configuration/m-p/690515#M1062903 <HTML><HEAD></HEAD><BODY><P>Hi Arul,</P><P></P><P>Thanks a lot for help.</P><P></P><P>Siddhartha</P></BODY></HTML> Tue, 07 Nov 2006 10:07:26 GMT https://community.cisco.com/t5/network-security/overlapping-subnet-mask-in-vpn-configuration/m-p/690515#M1062903 sid916207 2006-11-07T10:07:26Z