Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".


Tunnel Interface (Route-Based) VPN with overlapping subnets

I'm looking for a KB article on Tunnel Interface (Route-Based) VPN with overlapping subnet(s). I can find it for Site-to-Site IPSEC but not for Tunnel Interface.

Secondly for Tunnel Interface VPN with multiple remote sites subnets overlapping.

Category: Entry Level Firewalls


  • Options
    prestonpreston Enthusiast ✭✭

    @MichaelB , for the Tunnel Interface you have more control as you can use ranges in the routes, it would be best to check with the other sites which part of the subnets they actually use, do they truly overlap or are they just using the same subnet? , for example if you have a local\8 and the remote site also has a\8 but you are only using - on your side but the remote side is using - then you can avoid the overlap by only putting a route for the VPN to say the range goes across the tunnel, then obviously do the opposite on the remote device on the other end of the VPN.

  • Options
    MichaelBMichaelB Newbie ✭
    @preston, at least 2 remote sites have a subnet. The local is
  • Options
    MitatOngeMitatOnge All-Knowing Sage ✭✭✭✭

    You should do twice nat rule / double nat. I don't have acccess firewall now however I cannot share screenshot but I think below example will be clear.

    create a nat rule for overlaps ips

    example : HQ--->BRANCH

    HQ Firewall Nat rule 1. 

    source : overlap ip

    translated : new nated ip:

    destination : destination overlaps nated ip.

    interface Tunell interface.

    Branch Firewall Nat rule 1.


    Translated : orginal.


    Destination translated:


    Branch Firewall Nat rule 2.

    Source :

    Source Translated:


    Destination Translated : Orginal.

    interface : Tunel interface.

    HQ Firewall NAT rule 2.

    Source :

    Source Translated: orginal


    Destination Translated :

    interface : Tunel interface.

Sign In or Register to comment.