gavin211
Explorer

Site to Site VPN with overlapping subnet

Hello Experts,


I am facing some issues with overlapping subnets and hope to get a solution from this forum.

Below is what we are currently using:

Star topology VPN

Main Site (Checkpoint) - 10.0.0.0/24

Remote Site A (Checkpoint) - 192.168.2.0/24, 192.168.3.0/24 (IPSec tunnel configured)

Remote Site B (Fortinet) - 192.168.0.0/21 (having issues configuring the IPSec tunnel)

I am having issues trying to establish an IPSec tunnel with remote site B, most likely due to the overlapping subnets.

I would like to seek advice on how we can move forward to solve this issue.

Thanks in advance.

0 Kudos
4 Replies
_Val_
Admin

NAT or change the Remote A subnet

0 Kudos
gavin211
Explorer

Changing the remote A subnet will not be possible. Is there a guide for NAT between site-to-site VPNs?

0 Kudos
_Val_
Admin

This is a classic case for every vendor running IPSec VPN S2S tunnels. There are plenty of explanations on how to fix it with NAT. For example, https://www.practicalnetworking.net/stand-alone/vpn-overlapping-networks/

the_rock
Champion

@_Val_ is absolutely right. Now, personally, and this is just me, what I would do, just to be sure, is maybe do a quick VPN debug on the CP side to confirm, but yeah, it appears overlapping subnets are the problem, for sure. 192.168.0.0/21 would definitely encompass the 192.168.2.0/24 network. You can run the command below on the CP firewall and see what it shows.

vpn overlap_encdom
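The overlap the_rock describes, and the NAT fix _Val_ points to, can be checked offline before touching the gateways. The script below is an added example written for this thread; it is not Check Point's `vpn overlap_encdom` code nor output from it. It takes the three encryption domains from the original post, lists every pair of subnets from different sites that overlap, and then re-runs the check after Remote Site B is presented to the tunnel through a 1:1 network NAT. The translated range 172.16.0.0/21 is an assumption chosen here because it is unused by the other sites; the real range would have to be picked from whatever is free in this environment.

```python
import ipaddress
from itertools import combinations

# Encryption domains as described in the thread (constructed sample data).
SITES = {
    "Main": ["10.0.0.0/24"],
    "RemoteA": ["192.168.2.0/24", "192.168.3.0/24"],
    "RemoteB": ["192.168.0.0/21"],
}


def find_overlaps(sites):
    """Return (site1, net1, site2, net2) for every pair of subnets that belong
    to different sites and overlap. An empty list means the encryption domains
    are disjoint, which is what an IPSec tunnel needs to route unambiguously."""
    overlaps = []
    for (s1, nets1), (s2, nets2) in combinations(sites.items(), 2):
        for n1 in nets1:
            for n2 in nets2:
                a = ipaddress.ip_network(n1)
                b = ipaddress.ip_network(n2)
                if a.overlaps(b):
                    overlaps.append((s1, str(a), s2, str(b)))
    return overlaps


def apply_nat(sites, site, real_net, nat_net):
    """Return a copy of the site table in which `site` advertises `nat_net`
    instead of `real_net`, i.e. the encryption domain the peers will see once
    a 1:1 network NAT hides the real range. Prefix lengths must match so that
    every real host has exactly one translated address."""
    real = ipaddress.ip_network(real_net)
    nat = ipaddress.ip_network(nat_net)
    if real.prefixlen != nat.prefixlen:
        raise ValueError("1:1 network NAT needs equal prefix lengths")
    if real_net not in sites[site]:
        raise ValueError(f"{real_net} is not part of {site}")
    updated = {name: list(nets) for name, nets in sites.items()}
    updated[site] = [nat_net if n == real_net else n for n in updated[site]]
    return updated


def translate_address(real_net, nat_net, ip):
    """Map one host from the real range to its translated address by keeping
    the host offset inside the prefix (the arithmetic a static network NAT does)."""
    real = ipaddress.ip_network(real_net)
    nat = ipaddress.ip_network(nat_net)
    addr = ipaddress.ip_address(ip)
    if addr not in real:
        raise ValueError(f"{ip} is outside {real_net}")
    offset = int(addr) - int(real.network_address)
    return str(nat.network_address + offset)


if __name__ == "__main__":
    print("Before NAT:")
    for s1, n1, s2, n2 in find_overlaps(SITES):
        print(f"  {s1} {n1} overlaps {s2} {n2}")

    # Assumed translated range for Remote Site B; pick a free one in practice.
    fixed = apply_nat(SITES, "RemoteB", "192.168.0.0/21", "172.16.0.0/21")
    print("After NAT:", find_overlaps(fixed) or "no overlaps")
    print("192.168.2.10 at Site B is reached as",
          translate_address("192.168.0.0/21", "172.16.0.0/21", "192.168.2.10"))
```

Run against the thread's addresses, the first pass reports both Remote A subnets colliding with Remote B's /21, and the second pass reports nothing, which is the state the tunnel needs. Note that the host 192.168.2.10 exists on both Remote A and Remote B; after the NAT the Remote B copy is addressed from the other sites as 172.16.2.10, so the main site's routing and the VPN encryption domains stay unambiguous.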