
Overlapping subnet in 2 IPSEC VPN

Hi Team,

I have VPNs to 2 different sites; the other end is not using Sophos but Meraki & ASA.

My issue is that for the first site the remote subnet is 10.0.0.0/8 and for the other one it is 10.216.30.0/23 & 10.216.33.0/24.

And it is causing overlapping of subnets. Packets are not being delivered to the 10.216.30.0/23 subnet, though Sophos should check for longest prefix match.

Is there a solution to send the traffic for 10.216.30.0/23 & 10.216.33.0/24 to the second VPN instead of the first one?

Regards

TJ



This thread was automatically locked due to age.
  • As H_patel wrote, you can only solve this with NAT. It's not the firewall that "should" check the longest prefix match; it's the workstation that thinks 10.216.30.0 is in its own subnet, hence the local computer will never deliver the package to the router but will only broadcast a WHO HAS 10.216.30.x on the local network.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improving IT-security and feeling well helping others with their IT-security challenges.
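
An added example, not part of the thread: it takes the remote subnets from the question, lists where the two tunnels overlap, and compares what a longest-prefix lookup and an ordered first-match lookup would select, next to the on-link test a workstation applies before sending anything to its gateway. The tunnel names and the two host addresses are constructed, since the thread does not state the local LAN or how the firewall orders its selectors.

```python
import ipaddress

# Remote subnets per tunnel, taken from the question; tunnel names are made up.
TUNNELS = {
    "vpn_site1": ["10.0.0.0/8"],
    "vpn_site2": ["10.216.30.0/23", "10.216.33.0/24"],
}

def overlaps(tunnels):
    """Return (tunnel_a, net_a, tunnel_b, net_b) for each overlapping pair across tunnels."""
    entries = [(t, ipaddress.ip_network(n)) for t, nets in tunnels.items() for n in nets]
    found = []
    for i, (ta, na) in enumerate(entries):
        for tb, nb in entries[i + 1:]:
            if ta != tb and na.overlaps(nb):
                found.append((ta, str(na), tb, str(nb)))
    return found

def longest_prefix(tunnels, dest):
    """Tunnel a longest-prefix lookup would pick for dest, or None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for name, nets in tunnels.items():
        for net in map(ipaddress.ip_network, nets):
            if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (name, net)
    return best[0] if best else None

def first_match(tunnels, dest):
    """Tunnel an ordered, first-match selector list would pick for dest, or None."""
    addr = ipaddress.ip_address(dest)
    for name, nets in tunnels.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return name
    return None

def on_link(host_iface, dest):
    """True if a host with this address/mask treats dest as local (ARP, no gateway)."""
    return ipaddress.ip_address(dest) in ipaddress.ip_interface(host_iface).network

if __name__ == "__main__":
    for row in overlaps(TUNNELS):
        print("overlap:", row)
    dest = "10.216.31.5"
    print("longest prefix:", longest_prefix(TUNNELS, dest))
    print("first match:   ", first_match(TUNNELS, dest))
    # Constructed host addresses: one inside 10.216.30.0/23, one on an unrelated LAN.
    for iface in ("10.216.30.10/23", "192.168.1.10/24"):
        print(iface, "treats", dest, "as on-link:", on_link(iface, dest))
```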
