The remote subnet and the IP address of the LAN port should not be in the same network segment.

 

I have seen some other posts regarding VPN Range overlapping, but none have answered how accurately? 

 

My company runs a 10. network with Cisco routers everywhere including my home, which is the one im swapping out / playing with....

 

Under the IPSEC config there is only 1 entry for "Remote Network" while "Local Network" can be "LAN" or Multiple Ranges....

Why not have Multiple Remote ranges... and let the VPN overlap the LAN like other manufactures do!

 

My Cisco Defines my inside interface as 

 

interface GigabitEthernet0/1.1
ip address 10.96.192.1 255.255.255.0

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0

 

Cisco's Lan to Lan IPSEC Access List is configured as:

access-list 102 permit ip 10.96.192.0 0.0.0.255 10.0.0.0 0.255.255.255  (OVERLAP)

 

Cisco's NAT table gets a "Deny" since I can come back to my house from the office. (and it's not NATed)

access-list 101 deny   ip 10.96.192.0 0.0.0.255 10.0.0.0 0.255.255.255

 

The IKE & Cisco Understands that 10.96.192.x is Local and the rest of the 10. range(s) is VPN and routes accordingly 

 

On the TP-Link I can currently Set (only one):

 Remote Network to 10.96.4.0/24  to see my NY Servers.

 Remote Network to 10.64.0.0/16  to see my US Servers.

 Remote Network to 10.128.0.0/16  to see my UK Servers.

And they all work (individually) 

 

How do i set  10.0.0.0/8  to see my entire network like the Cisco does?

There is NO WAY to set multiple ranges, and I cant overlap???
 

Any Ideas?  (besides keep my 10 year old Cisco)

 

UPDATE1:

I tried the Beta Firmware which also wont let me save the VPN that overlaps the LAN... 

 

In continuing to play, I temporally changed my LAN interface to 11.96.192.0 and

set the VPN "Remote Network" to 10.0.0.0/8. 

set the "Local Network" to 10.96.192.0/24

I was then able to save the VPN config,

 

I then Changed my LAN interface back to 10.96.192.0 and luckily the Web interface wasn't smart enough to cross check the VPN's ;)

 

Tunnel's UP! I can now see my whole WAN NY,US AND UK!!!!!! 

Locally the NAT seems ok, I can browse.....

My only "Major" issue, is I have lost the local web server so no more config changes :(

Well this proves it "Could" work.....

I see a paper clip and reset pin in my future.....

UPDATE2:

No Paperclip needed....

If I pull the WAN cable, the VPN drops and the internal web server comes alive again :)

It's a HACK, not by any means production ready...

 

I think I need Engineering to look into this.... such a great device, would replace all 40 Cisco's... Please fix this!!!!

 

Thanks,

Mike