IPSec VPN between HQ and Branch with colliding LAN segment

OGX SE Lv1 Posted 17 Sep 2020 09:59

Last edited by OGX SE 17 Sep 2020 10:12.

Hi,
I am trying to set up a site-to-site IPSec VPN between HQ and Branch with colliding LAN segment IPs, as shown in the attachment below.
https://docs.google.com/document/d/1UEhvwYLf8M-OMZD968Wn9y1gADIjnBLAdL45XVJNnsg/edit?usp=sharing

I did Tunnel NAT on the HQ to translate the 10.10.10.0/24 segment to 192.168.100.0/24 and found out that tunnel NAT is only used to solve colliding IP segments of branches to HQ.

The IPSec VPN connection cannot be established because of the colliding LAN segment. Is there any solution/advice to set up an IPSec VPN from HQ to Branch?


Noman Rajput Lv2 Posted 26 Jul 2022 20:06

You need to change the network, or you can further subnet it.
Faisal P Posted 21 Jul 2022 14:21
  

Please follow the following configuration
Imran Tahir Lv4 Posted 20 Jul 2022 13:24

Please share the network design.
Farina Ahmed Lv5 Posted 19 Jul 2022 14:16

An IP conflict occurs when two or more hosts in the same subnet are configured with the same IP address. Please use different IP schemes. Plus, for a VPN tunnel, on both sides of the sites, the network should be the same so routers can communicate on the same network.
isabelita002 Lv3 Posted 19 Jul 2022 14:03

The IP scheme is very important when establishing a site-to-site VPN. In your case, you should get rid of the overlapping local IP.
rivsy Lv5 Posted 19 Jul 2022 13:12

The connection is not properly configured.
Rhebie Lv3 Posted 19 Jul 2022 10:12

Please redo your IP addressing scheme; the same network at source and destination doesn't work on the VPN.
naomivillamor Posted 19 Jul 2022 10:03
  
If your subnets are overlapping, you should change them to avoid conflict.
Pat Lv4 Posted 19 Jul 2022 08:47

Your subnet may be overlapping. VPN traffic between sites with overlapping addresses requires address translation in both directions. Because the source address on outbound traffic cannot be the same as the destination address on inbound traffic, the addresses referenced in the inbound and outbound policies cannot be symmetrical.
Osama Muhammad Lv3 Posted 19 Jul 2022 00:08

Please share the network diagram so we can see and advise accordingly.
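
The two-way translation mentioned in Pat's reply, worked through as an added example (not part of any post in this thread and not vendor configuration). The HQ mapping 10.10.10.0/24 to 192.168.100.0/24 comes from the question; the Branch LAN being the same 10.10.10.0/24 and its alias 192.168.200.0/24 are assumptions, as are all function names.

```python
import ipaddress

# Constructed addressing plan. 10.10.10.0/24 -> 192.168.100.0/24 for HQ is
# from the thread; the Branch LAN and its 192.168.200.0/24 alias are assumed.
SITES = {
    "HQ":     {"real": "10.10.10.0/24", "mapped": "192.168.100.0/24"},
    "Branch": {"real": "10.10.10.0/24", "mapped": "192.168.200.0/24"},
}

def net(cidr):
    return ipaddress.ip_network(cidr)

def netmap(addr, src_net, dst_net):
    """1:1 translation that keeps the host part: src_net.x -> dst_net.x."""
    src, dst = net(src_net), net(dst_net)
    ip = ipaddress.ip_address(addr)
    if src.prefixlen != dst.prefixlen or ip not in src:
        raise ValueError(f"{addr} cannot be mapped {src_net} -> {dst_net}")
    return str(dst.network_address + (int(ip) - int(src.network_address)))

def validate(sites):
    """Return the problems that would break routing or the tunnel selectors."""
    problems = []
    names = list(sites)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if net(sites[a]["mapped"]).overlaps(net(sites[b]["mapped"])):
                problems.append(f"mapped ranges of {a} and {b} overlap")
        for b in names:
            if net(sites[a]["mapped"]).overlaps(net(sites[b]["real"])):
                problems.append(f"mapped range of {a} overlaps real LAN of {b}")
    return problems

def send(sites, src_site, src_ip, dst_site, dst_alias):
    """Follow one packet: source NAT at the sender, destination NAT at the receiver."""
    wire_src = netmap(src_ip, sites[src_site]["real"], sites[src_site]["mapped"])
    delivered_dst = netmap(dst_alias, sites[dst_site]["mapped"], sites[dst_site]["real"])
    return {"on_wire": (wire_src, dst_alias), "delivered": (wire_src, delivered_dst)}

if __name__ == "__main__":
    print(validate(SITES))
    print(send(SITES, "HQ", "10.10.10.5", "Branch", "192.168.200.20"))
```

Inside the tunnel only the mapped ranges appear, so each gateway's IPSec traffic selectors would reference the mapped networks, and hosts reach the other site by its alias address rather than its real one.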
