Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

multi VPN same network destination

Hi I have the following problem: I have to connect my office with two different locations, in site-to-site VPN.
these locations have the same subnet.

my office:
site a:
site b:

how can I forward traffic to one or the other location?




My best advice: have one of the networks redesigned to a different address space. I hope your example is just for illustration, but I've seen 192.168.0.x in use in many places. Address space for private networks is huge, but people tend to choose always the same 3 networks.


Now, if network a or b are not under your control, you will have to use an address space of your own, like, to communicate with in site a (for example). In the policy from your LAN to the VPN interface, you need to apply destination NAT (1:1 if possible), and NAT back onto your address space upon reception. This is well documented in some KB articles ("Site-to-Site VPN with subnet overlap").


Feasable, but a nuisance. If you use 1:1 NAT, then at least the last byte in a /24 is identical, which might help addressing remote hosts. Of course, setting up your own DNS for remote names and local addresses is useful.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!

the problem is this: I would like to connect my office with our customers to be able to do remote assistance. two of our customers have an equal network 192.168.0 / 24.


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors