Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
587
Views
10
Helpful
1
Replies

Site to Site Connectivity over VPN - Subnet overlapping

LovejitSingh130013
Level 1
Level 1

‎08-03-2021 06:57 AM

Hello experts,

@Rob Ingram  @balaji.bandi  @Nithin Eluvathingal  @Richard Burts  @Joseph W. Doherty 

 

we got HQ- 172.110.10.x/24 , siteA- 172.110.20.x/24  connected over IPSEC VPN and working great.

 

Now we got siteB - 172.110.20.x/24 which is same subnet we got at site A. 

 

I have to connect siteB to HQ over IPSEC VPN tunnel without disturbing its connectivity to siteA. Please suggest how I can accomplish this ?

 

I want to setup connectivity without changing subnet at edge site as it got lot of static IPs.

 

Thanks 

0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎08-03-2021 07:17 AM - edited ‎08-03-2021 07:18 AM

@LovejitSingh130013 

Cisco have a guide for this, you'll need to use NAT to translate the traffic. Check out the section of the guide called "Hub and Spoke Topology with Overlapping Spokes"

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-firewalls/211275-Configuration-Example-of-ASA-VPN-with-Ov.html

 

Personally, I'd recommending eventually changing the subnets at one of the remote sites.

Customers Also Viewed These Support Documents