Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

subnets for the VPN connection

NorsmithNorsmith Newbie ✭
in Entry Level Firewalls

Hi!

Already have active IPsec connections (on the picture Main Office-Office01-Office02), Need to build another VPN channel From Office02 to Warehouse. Office02 already has the VPN channel to Main office where subnet is 192.168.10.XXX, so will I have a problem if the Warehous subnet the same: 192.168.10.XXX? Or it is better to change it? Thanks!

SonicWall Question 01.jpg

Category: Entry Level Firewalls
Reply

Answers

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    "will I have a problem if the Warehous subnet the same: 192.168.10.XXX?"

    Yes you will have a problem. You can use NAT to circumvent the subnet overlap though.

    "Or it is better to change it?"

    The forever question. Really it's up to you. If it's a small network with few devices than changing the subnet would be relatively easy.

  • NorsmithNorsmith Newbie ✭

    Thanks, for answering, makes sense, still have another question regarding the VPN and subnets :-) As a wrote I am planning to use the failover IP address in main office, so have to program the sonicwall in Office01 (see the diagram pls) with the second external IP for the VPN, I guess it will acting as a second VPN channel, both VPNs will be pointed to the same site (same sonicwall router) in this scenario can I use the same subnet for the main office in both VPN channels? Could it cause the conflict?

    Thanks.

    SonicWall Question 02.jpg
    SonicWall Question 03.jpg

  • MarkDMarkD Cybersecurity Overlord ✭✭✭

    I think you will encounter an error when trying to use the same encryption domains/ destination/ interesting traffic - whatever terminology you are familiar with.

    IPsec Name: Address object XXX overlaps in XXX Network policy

    On an IKE V1 IPSEC site-site VPN you have the option for a primary and secondary Endpoint

    If you are using a route based VPN you have the option to have only failover (the route is disabled when the VPN is down) or route some traffic types down the secondary.

    How to configure redundant routes for Route Based VPN | SonicWall

    There is also SD WAN

    How do I configure SD-WAN using VPN numbered tunnel interfaces? | SonicWall

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    "can I use the same subnet for the main office in both VPN channels? "

    You are essentially asking the same question. See my original response.

  • ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    Or it is better to change it?

    Sounds like it, yes.

Sign In or Register to comment.