Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
555
Views
0
Helpful
3
Replies

Ipsec VPN connectivity between multiple subnet to single subnet

Go to solution
junaid haroon
Beginner
Beginner

‎10-31-2013 08:42 AM - edited ‎02-21-2020 07:17 PM

Hi,

I have headquater where multiple vlan are running and branch office has only one subnet.following is subnet details

Head office subnets

192.168.0.0

192.168.101.0

192.168.50.0

192.168.10.0

192.168.20.0

192.168.30.0       all are /24

branch office

192.168.1.0/24

Head office i have PIX and in branch office i have cisco 2600 router.I want that my all subnet in headoffice access my branch office LAN

I want to create a ipsec vpn my question is that can i merge multiple subnets of headoffice in one subnet because I want ot get rid of multiple ACL entries

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
Mentor
Mentor
In response to junaid haroon

‎10-31-2013 09:14 AM

Hi,

Well if we look at the Branch site. It only has the single network and even with the overlapping destination network it shouldnt cause problem. If a host on the Branch network needs to connect to another local subnets host it will connect directly to it and the traffic wont flow through the router.

I am not sure if there should be any problems on the PIX side either.

But to be honest that is a very small amount of networks and I dont see a particular reason I would not configure each network specifically even though it would procude a couple  of lines more to the ACL. I personally prefer to be as specific as I can in the configurations to avoid any problems.

- Jouni

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jouni Forss
Mentor
Mentor

‎10-31-2013 08:58 AM

Hi,

I guess you might be able to configure the HQ site in the ACLs as 192.168.0.0/17 (255.255.128.0) even though the Branch also belongs to this range.

- Jouni

0 Helpful

Go to solution
junaid haroon
Beginner
Beginner
In response to Jouni Forss

‎10-31-2013 09:08 AM

Hi Jouni,

MY branch subnet is included in above range it will work okay for me??I mean it will not create any conflit?

0 Helpful

Go to solution
Jouni Forss
Mentor
Mentor
In response to junaid haroon

‎10-31-2013 09:14 AM

Hi,

Well if we look at the Branch site. It only has the single network and even with the overlapping destination network it shouldnt cause problem. If a host on the Branch network needs to connect to another local subnets host it will connect directly to it and the traffic wont flow through the router.

I am not sure if there should be any problems on the PIX side either.

But to be honest that is a very small amount of networks and I dont see a particular reason I would not configure each network specifically even though it would procude a couple  of lines more to the ACL. I personally prefer to be as specific as I can in the configurations to avoid any problems.

- Jouni

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents