IPSec VPN between HQ and Branch with colliding LAN segment

OGX SE Lv1 Posted 17 Sep 2020 09:59

Last edited by OGX SE 17 Sep 2020 10:12.

Hi,
I am trying to set up a site-to-site IPSec VPN between HQ and Branch with colliding LAN segment IPs, as shown in the attachment below.
https://docs.google.com/document/d/1UEhvwYLf8M-OMZD968Wn9y1gADIjnBLAdL45XVJNnsg/edit?usp=sharing

I did Tunnel NAT on the HQ to translate the 10.10.10.0/24 segment to 192.168.100.0/24 and found out that Tunnel NAT is only used to solve colliding IP segments of branches to HQ.

The IPSec VPN connection cannot be established because of the colliding LAN segment. Is there any solution/advice to set up IPSec VPN from HQ to Branch?


Jun_Sheng17 Posted 26 Jan 2021 14:02
  
The link you shared is not accessible. May I have a look at your network topology for more understanding?

Noviyanto Lv3 Posted 18 Jul 2022 11:16
  
I can't open the link you provided. Can you re-upload it?

nO_iDea Lv5 Posted 18 Jul 2022 13:38
  
Unfortunately, the same IP segment on each side (HQ and Branch) will not work; it will cause errors, and there is no workaround for this. You must change the IP scheme of one of the sites (either HQ or Branch).

jetjetd Lv5 Posted 18 Jul 2022 16:41
  
For your site-to-site VPN to work, you need to change your subnet. Your HQ and your branch site must have different subnets.

Osama Muhammad Lv3 Posted 19 Jul 2022 00:08
  
Please share a network diagram so we can see and advise accordingly.

Pat Lv4 Posted 19 Jul 2022 08:47
  
Your subnets may be overlapping. VPN traffic between sites with overlapping addresses requires address translation in both directions. Because the source address on outbound traffic cannot be the same as the destination address on inbound traffic, the addresses referenced in the inbound and outbound policies cannot be symmetrical.
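
The two-way translation described in the reply above, traced for one packet and its reply. This is an added example, not part of the thread and not any vendor's configuration. It assumes the branch LAN is also 10.10.10.0/24 and presents the branch as 192.168.200.0/24 (a constructed value); the HQ alias 192.168.100.0/24 is the one from the original post.

```python
import ipaddress as ipa

HQ_REAL = BRANCH_REAL = "10.10.10.0/24"  # colliding segment (branch value assumed)
HQ_ALIAS = "192.168.100.0/24"            # translation used in the original post
BRANCH_ALIAS = "192.168.200.0/24"        # constructed for this example

def check_plan(real_a, real_b, alias_a, alias_b):
    """Return the problems that would stop a 1:1 alias plan from working."""
    ra, rb, aa, ab = map(ipa.ip_network, (real_a, real_b, alias_a, alias_b))
    problems = []
    if aa.overlaps(ab):
        problems.append("aliases overlap each other")
    for alias in (aa, ab):
        if alias.overlaps(ra) or alias.overlaps(rb):
            problems.append(f"alias {alias} overlaps a real LAN")
    if aa.prefixlen != ra.prefixlen or ab.prefixlen != rb.prefixlen:
        problems.append("alias and real prefix lengths differ")
    return problems

def netmap(addr, from_net, to_net):
    """Swap the network part of addr, keeping the host bits (1:1 NAT)."""
    src, dst = ipa.ip_network(from_net), ipa.ip_network(to_net)
    ip = ipa.ip_address(addr)
    if ip not in src:
        raise ValueError(f"{addr} is not inside {from_net}")
    return str(dst.network_address + (int(ip) - int(src.network_address)))

def through_tunnel(src, dst_alias, src_real, src_alias, dst_real, dst_net_alias):
    """Trace one packet: source NAT at the sender's gateway, destination NAT
    at the receiver's gateway. Returns (in_tunnel, delivered) as (src, dst)."""
    in_tunnel = (netmap(src, src_real, src_alias), dst_alias)
    delivered = (in_tunnel[0], netmap(dst_alias, dst_net_alias, dst_real))
    return in_tunnel, delivered

if __name__ == "__main__":
    print("plan problems:", check_plan(HQ_REAL, BRANCH_REAL, HQ_ALIAS, BRANCH_ALIAS))
    # HQ host .5 reaches branch host .20 by the branch alias, then the reply.
    print(through_tunnel("10.10.10.5", "192.168.200.20",
                         HQ_REAL, HQ_ALIAS, BRANCH_REAL, BRANCH_ALIAS))
    print(through_tunnel("10.10.10.20", "192.168.100.5",
                         BRANCH_REAL, BRANCH_ALIAS, HQ_REAL, HQ_ALIAS))
```

Inside the tunnel only the alias ranges appear, so neither gateway sees 10.10.10.0/24 as both source and destination of the same packet.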
naomivillamor Posted 19 Jul 2022 10:03
  
If your subnets are overlapping, you should change them to avoid conflict.

Rhebie Lv3 Posted 19 Jul 2022 10:12
  
Please redo your IP addressing scheme; the same network at source and destination doesn't work on the VPN.

rivsy Lv5 Posted 19 Jul 2022 13:12
  
The connection is not properly configured.
