I agree with Peter's analysis

Jacob McHenry · ‎03-16-2016

Hi everyone,

My main office is set up with a 10.0.0.0/8 network. I just opened a secondary office which I'm trying to connect to our site to site vpn which is currently operating with 2 home offices with 192 class c networks. The new office I configured as 10.1.0.0/16. Am I able to do this? I have 2601's in both offices, they say the vpn is up, but I can't seem to get any traffic to route from the secondary office to the main office and vice versa. I was thinking I should probably change the new office to a 172.16.0.0/12 network?

Thanks,

Jake

Philip D'Ath · ‎03-16-2016

Can you stop using 10.0.0.0/8? That's a yucky design.

Jacob McHenry · ‎03-16-2016

Anything is a possibility, but at this point it would take forever to change all the security devices, servers, vm's, and ip phones. DHCP would take care of all the workstations and wifi. I was hoping to get this to work or change the new office if needed :)

Peter Koltl · ‎03-19-2016

Despite the overlapping networks you may be able to make it work as long as you make sure that no 10.1.x.x addresses are in use in the main office. With those excluded, you need 10.0.0.0/8 and 10.1.0.0/16 on either side of the tunnel and two routes respectively. The result is hosts can communicate via the tunnel except for 10.1.x.x hosts in the main office.

If this is not reasonable, you need to add NAT:

http://www.cisco.com/c/en/us/support/docs/routers/3800-series-integrated-services-routers/107992-IOSRouter-overlapping.html

Richard Burts · ‎03-19-2016

I agree with Peter's analysis of the situation and his suggestions. If your VPN is not working/not passing traffic then I suggest that you post your configuration from both sides and let us try to find why it is not passing the traffic.

HTH

Rick

HTH

Rick

VPN Routing Issue