08-05-2020 06:38 AM
Hello
We have a requirement to create two VPN Tunnels
Site A:
Local Subnet : 20.30.0.0/16 : Remote Subnet (DC): 20.0.0.0/8
Site B:
Local Subnet : 20.30.0.0/16 : Remote Subnet : 20.40.0.0/16
DC has about 50 sites in that subnet range. If I create these two tunnels as is, then the traffic meant for Site B may go through Site A's VPN tunnel.
The only way I know how to achieve this is to create individual subnets (49) and add them to the tunnel for Site A, but it's a pain.
Is there any other way to achieve it without having to create 49 subnets?
08-05-2020 06:54 AM
Hi,
You could complicate your configuration by using NAT to overcome these overlapping networks (that's also a pain).
Alternatively use a VTI instead of a crypto map with 2 static routes to the correct tunnel. The /16 would match the correct Site B tunnel and the /8 Site A tunnel.
HTH
08-05-2020 08:04 AM
Thank you.
Do you have a link for me to refer for VTI configuration?
08-05-2020 08:17 AM
There is nothing special about a VTI in your scenario; it's just that your /16 is a more specific route, so it will be routed to the correct tunnel interface.
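The difference between the two approaches discussed in this thread, as an added example that is not part of any post above: a simplified model of crypto-map selection (entries checked in sequence order, first match wins) beside route-based selection on VTIs (longest prefix wins). The tunnel names and sample destination addresses are constructed; the prefixes are the ones from the question.

```python
import ipaddress

# Remote prefixes from the thread; tunnel names are hypothetical labels.
SITE_A = ("Tunnel-SiteA", ipaddress.ip_network("20.0.0.0/8"))
SITE_B = ("Tunnel-SiteB", ipaddress.ip_network("20.40.0.0/16"))


def crypto_map_select(dst, entries):
    """Policy-based model: entries are evaluated in the order given
    and the first selector that contains dst wins."""
    addr = ipaddress.ip_address(dst)
    for name, net in entries:
        if addr in net:
            return name
    return None


def route_select(dst, routes):
    """Route-based (VTI) model: every matching route is considered and
    the longest prefix wins, independent of configuration order."""
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, name) for name, net in routes if addr in net]
    return max(matches)[1] if matches else None


def misrouted(destinations, select, table):
    """Return (dst, intended, actual) for each destination that would
    leave through a tunnel other than the intended one."""
    result = []
    for dst, intended in destinations:
        actual = select(dst, table)
        if actual != intended:
            result.append((dst, intended, actual))
    return result


# Constructed sample destinations with the tunnel each should use.
SAMPLES = [
    ("20.40.1.10", "Tunnel-SiteB"),  # host at Site B
    ("20.7.1.1", "Tunnel-SiteA"),    # host at a DC site
    ("20.200.9.9", "Tunnel-SiteA"),  # host at another DC site
]

if __name__ == "__main__":
    table = [SITE_A, SITE_B]  # the /8 listed first, as in the question
    print("crypto map:", misrouted(SAMPLES, crypto_map_select, table))
    print("VTI routes:", misrouted(SAMPLES, route_select, table))
```

With the /8 listed first, the policy-based model sends Site B traffic into the Site A tunnel, while the route-based model selects the /16 regardless of order.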