
ASA IPSec S2S "overlapping"

Patrik Nechajev
Level 1

Hello,

Just a fast question. We have multiple customers behind our ASA cluster connected via S2S IPsec. Each customer has its subinterface/VLAN/own network.
Until now none of our customers had the same remote networks in S2S. However, the time has come and one of our customers is changing its remote network to a new one which overlaps with another customer's.
Will this scenario cause any issues?

Customer A vlan 10: Network behind ASA 10.0.0.0/24 Remote subnet in S2S 192.168.1.0/24
Customer B vlan 11: Network behind ASA 10.0.1.0/24 Remote subnet in S2S 192.168.1.0/24

Will this cause any issues? I think it should work without any problem since those are two separate networks, am I right?

Thank you.

4 Replies

Hi @Patrik Nechajev, it should be OK as the source networks are different, so interesting traffic would match the different crypto ACLs and be routed via the different tunnels.

Hello Rob, 
great, thanks!

Network behind ASA 10.0.0.0/24
Network behind ASA 10.0.1.0/24
These are separate, so no issue at all.

Overlapping between subnets?
This can only happen if you use 10.0.0.0/8 instead of 10.0.0.0/24 in one of the VPN ACLs.
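
The check discussed in the replies above, as an added example that is not part of the thread or any poster's code: two tunnels conflict only when both the local and the remote networks of their crypto ACL entries overlap. The ACL names and sample lines are constructed for illustration, and only the `permit ip <net> <mask> <net> <mask>` form is parsed.

```python
import ipaddress
from itertools import combinations

# Constructed sample crypto ACLs (names are hypothetical), one per customer tunnel.
SAMPLE_OK = """\
access-list CUST_A_CRYPTO extended permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list CUST_B_CRYPTO extended permit ip 10.0.1.0 255.255.255.0 192.168.1.0 255.255.255.0
"""
# Same tunnels, but Customer A's local side is written as a /8 by mistake.
SAMPLE_BAD = SAMPLE_OK.replace("10.0.0.0 255.255.255.0", "10.0.0.0 255.0.0.0")


def parse_crypto_acl(config):
    """Return (acl_name, local_net, remote_net) for each network/mask permit line."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        # 'host', 'any' and object-group forms are skipped in this example.
        if len(tok) != 9 or tok[0] != "access-list" or tok[2:5] != ["extended", "permit", "ip"]:
            continue
        try:
            local = ipaddress.ip_network(f"{tok[5]}/{tok[6]}", strict=False)
            remote = ipaddress.ip_network(f"{tok[7]}/{tok[8]}", strict=False)
        except ValueError:
            continue  # malformed address or mask
        entries.append((tok[1], local, remote))
    return entries


def find_conflicts(entries):
    """Pairs of entries in different ACLs whose local AND remote networks both overlap."""
    conflicts = []
    for (n1, l1, r1), (n2, l2, r2) in combinations(entries, 2):
        if n1 != n2 and l1.overlaps(l2) and r1.overlaps(r2):
            conflicts.append((n1, n2, str(l1), str(l2), str(r1)))
    return conflicts


if __name__ == "__main__":
    for label, cfg in (("as posted", SAMPLE_OK), ("local side as /8", SAMPLE_BAD)):
        print(label, find_conflicts(parse_crypto_acl(cfg)))
```
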