10-31-2013 08:42 AM - edited 02-21-2020 07:17 PM
Hi,
I have a headquarters where multiple VLANs are running, and the branch office has only one subnet. The subnet details are as follows:
Head office subnets
192.168.0.0
192.168.101.0
192.168.50.0
192.168.10.0
192.168.20.0
192.168.30.0 (all are /24)
Branch office
192.168.1.0/24
At the head office I have a PIX, and in the branch office I have a Cisco 2600 router. I want all of my subnets in the head office to access my branch office LAN.
I want to create an IPsec VPN. My question is: can I merge the multiple subnets of the head office into one subnet? I want to get rid of multiple ACL entries.
10-31-2013 08:58 AM
Hi,
I guess you might be able to configure the HQ site in the ACLs as 192.168.0.0/17 (255.255.128.0) even though the Branch also belongs to this range.
- Jouni
10-31-2013 09:08 AM
Hi Jouni,
My branch subnet is included in the above range. Will it work okay for me? I mean, it will not create any conflict?
10-31-2013 09:14 AM
Hi,
Well, if we look at the Branch site, it only has the single network, and even with the overlapping destination network it shouldn't cause a problem. If a host on the Branch network needs to connect to another local subnet's host, it will connect directly to it and the traffic won't flow through the router.
I am not sure if there should be any problems on the PIX side either.
But to be honest, that is a very small number of networks and I don't see a particular reason I would not configure each network specifically, even though it would produce a couple more lines in the ACL. I personally prefer to be as specific as I can in the configurations to avoid any problems.
- Jouni
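Added example (not part of any post in this thread): a Python check of the summary discussed above, using the subnets from the question. It computes the smallest single prefix that covers the head office networks, tests whether that prefix overlaps the branch subnet, counts how many /24s the one-line match includes beyond the six head office networks, and lists the per-network pairs for the specific approach. The function names are illustrative, and the extra-network count assumes every head office network is a /24, as stated in the question.

```python
import ipaddress

# Subnets taken from the question in this thread.
HQ = [ipaddress.ip_network(n) for n in (
    "192.168.0.0/24", "192.168.101.0/24", "192.168.50.0/24",
    "192.168.10.0/24", "192.168.20.0/24", "192.168.30.0/24")]
BRANCH = ipaddress.ip_network("192.168.1.0/24")


def covering_supernet(nets):
    """Smallest single prefix that contains every network in nets."""
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()  # widen by one bit and retry
    return candidate


def summary_report(hq, remote):
    """What a one-line summary of hq would match, compared with remote."""
    summary = covering_supernet(hq)
    total_24s = 2 ** (24 - summary.prefixlen)
    return {
        "summary": summary,
        "netmask": str(summary.netmask),
        # True means the remote LAN falls inside the summarised source range
        "overlaps_remote": summary.overlaps(remote),
        # /24s matched by the summary that are not head office networks
        "extra_24s": total_24s - len(hq),
    }


def specific_pairs(hq, remote):
    """One (source, mask, destination, mask) tuple per head office network."""
    return [(str(n.network_address), str(n.netmask),
             str(remote.network_address), str(remote.netmask))
            for n in sorted(hq)]


if __name__ == "__main__":
    for key, value in summary_report(HQ, BRANCH).items():
        print(f"{key}: {value}")
    for pair in specific_pairs(HQ, BRANCH):
        print("source %s %s -> destination %s %s" % pair)
```

The output shows the trade-off raised in the replies: the single summary line also matches 122 /24s that are not head office networks, including the branch LAN itself, while the specific approach needs only six entries.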