08-05-2020 06:38 AM
Hello
We have a requirement to create two VPN Tunnels
Site A:
Local Subnet : 20.30.0.0/16 : Remote Subnet (DC): 20.0.0.0/8
Site B:
Local Subnet : 20.30.0.0/16 : Remote Subnet : 20.40.0.0/16
DC has about 50 sites in that subnet range. If I create these two Tunnels as is, then the traffic meant for Site B may go through Site A's VPN Tunnel.
The only way I know how to achieve this is to create individual subnets (49) and add them to the Tunnel for Site A, but it's a pain.
Is there any other way to achieve it without having to create 49 subnets?
08-05-2020 06:54 AM
Hi,
You could complicate your configuration using NAT to overcome these overlapping networks (that's also a pain).
Alternatively use a VTI instead of a crypto map with 2 static routes to the correct tunnel. The /16 would match the correct Site B tunnel and the /8 Site A tunnel.
HTH
08-05-2020 08:04 AM
Thank you.
Do you have a link for me to refer for VTI configuration?
08-05-2020 08:17 AM
There is nothing special about a VTI in your scenario; it's just that your /16 is a more specific route, so it will be routed to the correct tunnel interface.
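The tunnel selection discussed in this thread, as an added example that is not part of the original posts: it contrasts a policy-based model, where the first entry whose remote subnet matches wins, with the route-based longest-prefix match a VTI relies on. The tunnel names and the first-match model of crypto map evaluation are assumptions made for illustration; the subnets are the ones from the question.

```python
import ipaddress

# Constructed model of the two tunnels from the thread.
# Names are hypothetical; Site A is listed first, as in the question.
TUNNELS = [
    ("SiteA-DC", ipaddress.ip_network("20.0.0.0/8")),
    ("SiteB", ipaddress.ip_network("20.40.0.0/16")),
]


def first_match(dst, entries):
    """Policy-based model (assumption): the first entry, in configured
    order, whose remote subnet contains dst selects the tunnel."""
    addr = ipaddress.ip_address(dst)
    for name, net in entries:
        if addr in net:
            return name
    return None


def longest_prefix_match(dst, routes):
    """Route-based model: among all prefixes containing dst, the most
    specific one (largest prefix length) wins, whatever the order."""
    addr = ipaddress.ip_address(dst)
    candidates = [(net.prefixlen, name) for name, net in routes if addr in net]
    return max(candidates)[1] if candidates else None


def compare(dst, entries=TUNNELS):
    """Return (policy-based choice, route-based choice) for one destination."""
    return first_match(dst, entries), longest_prefix_match(dst, entries)


if __name__ == "__main__":
    # Constructed destinations: one at Site B, one at another DC site,
    # one outside both remote subnets.
    for dst in ("20.40.5.10", "20.50.1.1", "10.1.1.1"):
        policy, routed = compare(dst)
        print(f"{dst:<12} first-match={policy}  longest-prefix={routed}")
```

Only the Site B destination differs between the two models: first-match sends it into the /8 tunnel, while the /16 route steers it to Site B without listing the other 49 subnets individually.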