03-29-2023 01:36 PM
Hello,
Just a fast question. We have multiple customers behind our ASA cluster connected via S2S IPsec. Each customer has its own subinterface/VLAN/network.
Until now, none of our customers had the same remote networks in S2S. However, the time has come and one of our customers is changing its remote network to a new one which overlaps with another customer's.
Will this scenario cause any issues?
Customer A, VLAN 10: network behind ASA 10.0.0.0/24, remote subnet in S2S 192.168.1.0/24
Customer B, VLAN 11: network behind ASA 10.0.1.0/24, remote subnet in S2S 192.168.1.0/24
Will this cause any issues? I think it should work without any problem since those are two separate networks, am I right?
Thank you.
03-29-2023 01:46 PM
Hi @Patrik Nechajev, it should be OK as the source networks are different, so interesting traffic would match the different crypto ACLs and be routed via the different tunnels.
03-29-2023 01:58 PM
Hello Rob,
great, thanks!
03-29-2023 01:51 PM - edited 03-29-2023 02:00 PM
Network behind ASA 10.0.0.0/24
Network behind ASA 10.0.1.0/24
Separate, no issue at all.
03-29-2023 02:04 PM
Overlapping between subnets?
This can only happen if you use 10.0.0.0/8 instead of 10.0.0.0/24 in one of the VPN ACLs.
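Added example, not part of the thread and not Cisco code: a small audit script that parses crypto ACL entries and flags two tenants whose local and remote selectors both overlap, which is the only case discussed above that would send one customer's traffic into the other's tunnel. The ACL names are hypothetical, the sample lines are constructed from the subnets in the question, and only plain `permit ip <net> <mask> <net> <mask>` entries are handled.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample crypto ACLs (ACL names are hypothetical); subnets come from the thread.
SAMPLE_CONFIG = """\
access-list CUST_A_CRYPTO extended permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list CUST_B_CRYPTO extended permit ip 10.0.1.0 255.255.255.0 192.168.1.0 255.255.255.0
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
ACE_RE = re.compile(
    rf"^access-list\s+(\S+)\s+extended\s+permit\s+ip\s+{IP}\s+{IP}\s+{IP}\s+{IP}\s*$"
)

def parse_selectors(config):
    """Return [(acl_name, local_net, remote_net)] for simple 'permit ip' entries."""
    selectors = []
    for line in config.splitlines():
        m = ACE_RE.match(line.strip())
        if not m:
            continue  # object-group / host / any entries are out of scope for this sketch
        name, src, smask, dst, dmask = m.groups()
        selectors.append((name,
                          ipaddress.ip_network(f"{src}/{smask}"),
                          ipaddress.ip_network(f"{dst}/{dmask}")))
    return selectors

def find_conflicts(selectors):
    """Two ACLs conflict only when BOTH the local and the remote networks overlap."""
    conflicts = []
    for (n1, l1, r1), (n2, l2, r2) in combinations(selectors, 2):
        if n1 != n2 and l1.overlaps(l2) and r1.overlaps(r2):
            conflicts.append((n1, n2))
    return conflicts

def check(config):
    return find_conflicts(parse_selectors(config))

# The /8 case from the last reply: customer A's local selector written too broadly.
BROAD_CONFIG = SAMPLE_CONFIG.replace("10.0.0.0 255.255.255.0", "10.0.0.0 255.0.0.0", 1)

if __name__ == "__main__":
    print("config from the question:", check(SAMPLE_CONFIG))
    print("with 10.0.0.0/8 as source:", check(BROAD_CONFIG))
```

Running this over the ACL section of a saved configuration before each new tenant goes live catches an over-broad local selector before it affects another customer's tunnel.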