11-06-2023 03:01 AM
Hi engineers,
Trying to build a site-to-site VPN from a Z4 Meraki to a Forti firewall, but the Meraki dashboard pops up the messages below. What would be the reason and the solution?
The VLAN subnet 172.21.16.8/29 overlaps with a remote VPN subnet on the non-meraki peer Forti-W1 (172.16.0.0/12). IP traffic will be routed to the smallest subnet that Contains the IP address.
The subnet on the non-meraki peer Forti-W1 (172.16.0.0/12) overlaps with the subnets on networks London1 (172.21.16.0/29) and Z4 (172.21.16.16/29). IP traffic will be routed to the smallest subnet that Contains the IP address.
11-06-2023 03:16 AM
@M.Sultan this is the exact same post as - https://community.cisco.com/t5/vpn/vlan-overlaps-z4-to-forti-vpn-establishing/m-p/4953962#M291774
Change the remote network to be more specific than the /12 so there is no overlap, or use NAT. You would have to change the crypto ACL that defines interesting traffic on both the local side and the remote peer to use the NAT address instead of the real network.
11-06-2023 03:25 AM
As far as I know, Meraki doesn't support NAT with VPN,
so you need to look at the Forti to NAT the LAN.
This needs an ACL change: instead of using the real IP, you need to use the mapped IP in the VPN ACL on the Meraki and the Forti FW.
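
Added example, not part of the original thread: a Python check that reproduces the dashboard's overlap warnings from the subnets quoted above, shows which subnet wins under "smallest subnet that contains the IP address" routing, and splits the /12 into prefixes that avoid the Meraki subnets. The function names are hypothetical, and the split is only an illustration: in practice the remote network list should be the Forti side's actual LAN subnets, which the thread does not give.

```python
import ipaddress

# Subnets exactly as quoted in the dashboard warnings in this thread.
LOCAL = {
    "Z4 VLAN": "172.21.16.8/29",
    "London1": "172.21.16.0/29",
    "Z4": "172.21.16.16/29",
}
REMOTE = {"Forti-W1": "172.16.0.0/12"}


def overlaps(local=LOCAL, remote=REMOTE):
    """Return (local_name, remote_name) pairs whose subnets overlap."""
    pairs = []
    for lname, lnet in local.items():
        for rname, rnet in remote.items():
            if ipaddress.ip_network(lnet).overlaps(ipaddress.ip_network(rnet)):
                pairs.append((lname, rname))
    return pairs


def route_for(ip, table):
    """Longest-prefix match: the smallest subnet containing ip wins."""
    addr = ipaddress.ip_address(ip)
    hits = [(ipaddress.ip_network(cidr), name) for name, cidr in table.items()
            if addr in ipaddress.ip_network(cidr)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def remote_without(remote_cidr, local_cidrs):
    """Split remote_cidr into prefixes that exclude every local subnet."""
    pieces = [ipaddress.ip_network(remote_cidr)]
    for cidr in local_cidrs:
        hole = ipaddress.ip_network(cidr)
        kept = []
        for p in pieces:
            if hole.subnet_of(p):
                # Carve the local subnet out of this piece.
                kept.extend(p.address_exclude(hole))
            elif not p.overlaps(hole):
                kept.append(p)
            # Otherwise p lies inside the local subnet and is dropped.
        pieces = kept
    return sorted(pieces)
```
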