Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Overlapping networks on the remote site

    IPsec
    2
    2
    1.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      destified
      last edited by

      Hi,

      I have several site-to-site VPNs of these two site remote subnets overlapped.
      The bigger subnet is 10.0.0.0/13 and the smaller is 10.0.0.0/20. (It's not my idea :-)
      Theoretically is not a problem because the packets are sent to the smaller subnet (Longest prefix match)

      http://en.wikipedia.org/wiki/Longest_prefix_match

      But I experience a problem with.
      If the bigger subnet VPN establish sooner then the (Longest prefix match) doesn't work, but the smaller subnet VPN establish sooner, works properly.

      I can't guarantee the establishing order, because if idle the connection disconnects and etc.

      Any Idea?

      Cheers.

      1 Reply Last reply Reply Quote 0
      • D
        dhatz
        last edited by

        Generally speaking one option to resolve addressing conflicts would be to NAT before VPN.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.