sahara101
Beginner

Site2Site VPN Overlapping Network

Hello community,

 

I have a question for which I googled but still do not understand it quite well.

 

Would it be possible to create a site2site connection, with both sides having the same subnet? What I have found is the use of XLATED. 

 

https://www.petenetlive.com/KB/Article/0001446

 

But what I do not understand is how this works. If I have Site A 10.10.1.0 and Site B 10.10.1.0 I need to create a masquerade subnet for both, so Site A 10.10.2.0 and Site B 10.10.3.0.

Then I need to ping 10.10.3.0 from Site A in order for Site B to provide a response over 10.10.1.0.

But does this not mean that all communication needs to be made over the new addresses? If there are Services that depend on each other how will they communicate without changing any IPs? Let's say I migrate DC from Site A to Site B. How will the Clients on Site A communicate with it? 

 

What I am trying to achieve, if possible, is to leave the network as is, create the same network at Site B and let them communicate via VPN.

 

Thank you!

1 ACCEPTED SOLUTION

balaji.bandi
VIP Expert

For a site-to-site VPN with overlap you need to masq as you mentioned - when they are going to the other side of the network, like the example.

10.10.10.x network other side site1 10.10.2.X you are going to NAT with your Local NAT IP range 10.10.3.X

If the local IP address is communicating with Location then you need to do original, do not NAT.

Other example: (see in the middle the different subnet you use for masq)

 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-firewalls/211275-Configuration-Example-of-ASA-VPN-with-Ov.html

https://www.practicalnetworking.net/stand-alone/vpn-overlapping-networks/

 



BB


*** Rate All Helpful Responses ***
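
The address mapping discussed in this thread, traced for one request and its reply. This is an added example, not code from either poster: it models 1:1 static NAT in Python rather than firewall configuration, and the /24 prefix length and the host addresses .50 and .10 are assumptions.

```python
import ipaddress as ip

REAL = ip.ip_network("10.10.1.0/24")         # real LAN at both sites (/24 is assumed)
MASQ = {"A": ip.ip_network("10.10.2.0/24"),  # how Site A appears to Site B
        "B": ip.ip_network("10.10.3.0/24")}  # how Site B appears to Site A

def remap(addr, src_net, dst_net):
    """1:1 static NAT: swap the network part, keep the host part."""
    addr = ip.ip_address(addr)
    if addr not in src_net:
        raise ValueError(f"{addr} is not in {src_net}")
    return str(dst_net[int(addr) - int(src_net.network_address)])

def leaves_lan(dst):
    """A host only hands a packet to its gateway when dst is off-subnet."""
    return ip.ip_address(dst) not in REAL

def cross_tunnel(src, dst, origin):
    """Translate one packet sent from `origin` ("A" or "B") to the other site.

    Returns (addresses inside the tunnel, addresses delivered on the far LAN).
    """
    peer = "B" if origin == "A" else "A"
    if not leaves_lan(dst):
        raise ValueError(f"{dst} is on the sender's own LAN; "
                         "it never reaches the VPN gateway")
    # Origin gateway: hide the real source behind the origin's masquerade range.
    in_tunnel = (remap(src, REAL, MASQ[origin]), dst)
    # Peer gateway: map its own masquerade destination back to the real host.
    delivered = (in_tunnel[0], remap(dst, MASQ[peer], REAL))
    return in_tunnel, delivered

if __name__ == "__main__":
    # Constructed hosts: client .50 at Site A, server .10 at Site B.
    out = cross_tunnel("10.10.1.50", "10.10.3.10", "A")
    back = cross_tunnel("10.10.1.10", out[1][0], "B")  # server replies to what it saw
    print("request:", out)
    print("reply:  ", back)
```

The `ValueError` branch shows why each side has to address the other by its masquerade range: a destination inside 10.10.1.0/24 is treated as on-link and is never sent to the gateway.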


Thanks for info and links
