Print Download PDF Send Feedback

Previous

Next

vpn overlap_encdom

Description Display all overlapping VPN domains. Some IP addresses might belong to two or more VPN domains. The command alerts for overlapping encryption domains if one or both of the following conditions exist:

If the gateway has multiple interfaces, and one or more of the interfaces have the same IP address and netmask

Syntax

> vpn overlap_encdom [communities | traditional]

Parameter

Description

Communities

With this flag, all pairs of objects with overlapping VPN domains are displayed -- but only if the objects (that represent VPN sites) are included in the same VPN community. This flag is also used if the same destination IP can be reached via more than one community.

Traditional

Default flag. All pairs of objects with overlapping VPN domains are displayed.

Example vpn overlap_encdom communities

Output

c:\> vpn overlap_encdom communitie

The objects Paris and London have overlapping encryption domains.

The overlapping domain is:

10.8.8.1 - 10.8.8.1

10.10.8.0 - 10.10.9.255

- This overlapping encryption domain generates a multiple entry points configuration in
MyIntranet and RemoteAccess communities.

- Same destination address can be reached in more than one community (Meshed, Star).
This configuration is not supported.

The objects Paris and Chicago have overlapping encryption domains. The overlapping domain is:

10.8.8.1 - 10.8.8.1

- Same destination address can be reached in more than one community (MyIntranet, NewStar).
This configuration is not supported.

The objects Washington and Tokyo have overlapping encryption domains.

The overlapping domain is:

10.12.10.68 - 10.12.10.68

10.12.12.0 - 10.12.12.127

10.12.14.0 - 10.12.14.255

- This overlapping encryption domain generates a multiple entry points configuration in
Meshed, Star and NewStar communities.