Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
685
Views
10
Helpful
5
Replies

Cisco ISK1K Same subnet via VTI

mikiNet
Level 1
Level 1

‎05-09-2021 03:45 AM

Hello Guys,

I have question how can I solve below problem:

My customer have 2 office which are connected via public IP, but this two office has the same subnet 192.168.5.0/24.

I can't do L2 between this sites, so I created my own LAB and I trying to emulate it and check how can I solve it in production. Below is my LAB topology

topo.PNG

Between R2 and R3 I have VTI (172.16.5.0/24 where 5.1 is R2, 5.2 is R3) which is protected by IPSEC. I have running eigrp on all routers in the same AS (also eigrp is running on tunnel) but when I trying ping from R1 (192.168.5.1) to R4(192.168.5.4) I not receive echo reply... 

My question is how can I extend subnet 192.168.5.0 via VTI ?

 

Labels:
5 Replies 5

mikiNet
Level 1
Level 1

‎05-09-2021 04:43 AM

I tested in LAB one think: NAT using NVI (ip nat enable) and it's working, but maybe exist another solution ? 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎05-09-2021 05:16 AM

As per i am aware you need to NAT for the Duplicate subnets.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Georg Pauwen
VIP
VIP

‎05-09-2021 06:15 AM

Hello,

 

which router connects to the Internet ? What is the purpose of the VTI between R2 and R3 ? Post the full configurations of all routers involved, including the router that connects to the Internet.

0 Helpful

mikiNet
Level 1
Level 1
In response to Georg Pauwen

‎05-09-2021 07:38 AM

R2 and R3 are on the Internet and subnet 10.0.0.0/24 simulate this situation. Between R2 and R3 I have configured VTI tunnel protected by IPSEC. On all routers are running eigrp in same AS, also network statement for 172.16.5.0/24 is configured, behind R4 is another subnet - in my LAB R4 has interface loopback configured on 8.8.8.8 address which simulate this situation. Behind R1 is also another subnet - In my LAB R1 has interface loopback with 1.1.1.1 address. Both of it are advertised by EIGRP so R4 know abot 1.1.1.1 and R1 know about 8.8.8.8 and when I ping from 1.1.1.1 to 8.8.8.8 everythink working, but when I trying ping from 192.168.5.1(ping sourced from R1) to 192.168.5.4(address on interface R4) - it's not working because eigrp not advertise address 192.168.5.4/32 so R1 doesn't know how to reach this router.

To do reacheable probably I need to use NAT on both site so subnet 192.168.5.0/24 belongs to R1/2 I need to NAT for random subnet,  and subnet 192.168.5.0/24 belongs to R3/4 I need to NAT for another random subnet.

I only ask about solution which I should use. NAT ? L2TP? Or maybe exist very simple solution which I not know.

 

0 Helpful

MHM Cisco World
VIP
VIP

‎05-09-2021 12:42 PM

What is different between L2VPN and L3VPN ?
L2VPN the subnet behind the End is same 
L3VPN the subnet behind the End is different

You can Use L2 over GRE tunnel if you want. 

0 Helpful
Customers Also Viewed These Support Documents