Overlapping networks on the remote site



  • Hi,

    I have several site-to-site VPNs; for two of these sites the remote subnets overlap.
    The bigger subnet is 10.0.0.0/13 and the smaller is 10.0.0.0/20. (It's not my idea :-)
    Theoretically it is not a problem because the packets are sent to the smaller subnet (longest prefix match).

    http://en.wikipedia.org/wiki/Longest_prefix_match

    But I experience a problem with it.
    If the bigger subnet VPN establishes sooner, then the longest prefix match doesn't work, but if the smaller subnet VPN establishes sooner, it works properly.

    I can't guarantee the establishing order, because the connection disconnects when idle, etc.

    Any idea?

    Cheers.
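
Added example, not part of the original posts: a small Python model that contrasts a true longest-prefix-match lookup with a first-match lookup in establishment order, using the two subnets from the post above. The tunnel names are hypothetical, and first-match is only an assumed model of the order-dependent symptom described, not a confirmed description of any device.

```python
import ipaddress

# Constructed tunnel table: the two remote subnets from the post, with
# hypothetical tunnel names.
BIG = (ipaddress.ip_network("10.0.0.0/13"), "vpn-big")
SMALL = (ipaddress.ip_network("10.0.0.0/20"), "vpn-small")


def longest_prefix_match(table, dst):
    """Pick the matching entry with the longest prefix, whatever the table order."""
    addr = ipaddress.ip_address(dst)
    hits = [(net, tun) for net, tun in table if addr in net]
    if not hits:
        return None
    return max(hits, key=lambda entry: entry[0].prefixlen)[1]


def first_match(table, dst):
    """Assumed failure model: pick the first matching entry in establishment order."""
    addr = ipaddress.ip_address(dst)
    for net, tun in table:
        if addr in net:
            return tun
    return None


def compare(dst):
    """Return {order: (lpm_result, first_match_result)} for both establishment orders."""
    orders = {"big-first": [BIG, SMALL], "small-first": [SMALL, BIG]}
    return {name: (longest_prefix_match(table, dst), first_match(table, dst))
            for name, table in orders.items()}


def overlapping_pairs(table):
    """Config check: list tunnel pairs whose remote subnets overlap."""
    return [(a[1], b[1]) for i, a in enumerate(table)
            for b in table[i + 1:] if a[0].overlaps(b[0])]


if __name__ == "__main__":
    print("overlaps:", overlapping_pairs([BIG, SMALL]))
    # 10.0.5.10 is in both subnets, 10.1.2.3 only in the /13, 192.0.2.1 in neither.
    for dst in ("10.0.5.10", "10.1.2.3", "192.0.2.1"):
        print(dst, compare(dst))
```

Only addresses inside 10.0.0.0/20 are affected by the ordering; the rest of the /13 resolves to the same tunnel under both lookups.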



  • Generally speaking, one option to resolve addressing conflicts would be to NAT before VPN.

