I´m using a Star community.
Disabel NAT inside VPN community is not (and was not) checked.
I changed the community option to "VPN Tunnel Sharing to One VPN per Gateway pair."
I installed the ccc script on both ends (cluster and gateway). Please look the attached image for the VPN routing information.
As you can see, the 172.16.x.x is correctly listed in the encryption domain, but for some reason, all the other participating subnets are listed too. It´s like the vpn config is not recognizing the encryption domain object that I specified.
Active cluster member:
Both sides shows the same ED
On the other hand, I wonder why do I need to add the gateway´s local segments in the encryption domain. Probably I was not clear enought with my first post, but what i´m trying to test is to hide overlaping networks on VPN. For that I´m using the same LAN (192.168.1.0/24) IPs on both sides, so I´m not sure of what would be the behavior if the same IP address segment is set in both EDs.
Thanks in advance for your time and help