vpn overlap_encdom

Description

Shows all overlapping VPN domains.

Some IP addresses might belong to two or more VPN domains.

The command alerts for overlapping encryption domains if one or both of the following conditions exist:

  • The same VPN domain is defined for both Security Gateways.

  • The Security Gateway has multiple interfaces, and one or more of the interfaces have the same IP address and netmask.

Syntax

vpn overlap_encdom [communities | traditional]

Parameters

Parameter       Description

communities     Shows all pairs of objects with overlapping VPN domains, only if the objects (that represent VPN sites) are included in the same VPN community.
                This parameter is also used if the same destination IP can be reached through more than one VPN community.

traditional     Default parameter.
                Shows all pairs of objects with overlapping VPN domains.

Example

# vpn overlap_encdom communities
The objects Paris and London have overlapping encryption domains.
The overlapping domain is:
10.8.8.1 - 10.8.8.1
10.10.8.0 - 10.10.9.255
- This overlapping encryption domain generates a multiple entry points configuration in MyIntranet and RemoteAccess communities.
- Same destination address can be reached in more than one community (Meshed, Star). This configuration is not supported.
 
The objects Paris and Chicago have overlapping encryption domains.
The overlapping domain is:
10.8.8.1 - 10.8.8.1
- Same destination address can be reached in more than one community (MyIntranet, NewStar). This configuration is not supported.
 
The objects Washington and Tokyo have overlapping encryption domains.
The overlapping domain is:
10.12.10.68 - 10.12.10.68
10.12.12.0 - 10.12.12.127
10.12.14.0 - 10.12.14.255
- This overlapping encryption domain generates a multiple entry points configuration in Meshed, Star and NewStar communities.
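
For a configuration review, the output format shown above can be parsed into one record per object pair, so that overlaps the command marks as "not supported" are picked out automatically. This is an added example, not part of the original documentation or of the product; the function names and record fields are hypothetical, the sample text is taken from the example output on this page, and object names are assumed to contain no spaces.

```python
import ipaddress
import re

# Sample input: the first two findings from the example output on this page.
SAMPLE = """\
The objects Paris and London have overlapping encryption domains.
The overlapping domain is:
10.8.8.1 - 10.8.8.1
10.10.8.0 - 10.10.9.255
- This overlapping encryption domain generates a multiple entry points configuration in MyIntranet and RemoteAccess communities.
- Same destination address can be reached in more than one community (Meshed, Star). This configuration is not supported.

The objects Paris and Chicago have overlapping encryption domains. The overlapping domain is:
10.8.8.1 - 10.8.8.1
- Same destination address can be reached in more than one community (MyIntranet, NewStar). This configuration is not supported.
"""

# Assumption: object names are single tokens without spaces.
PAIR = re.compile(r"The objects (\S+) and (\S+) have overlapping encryption domains")
RANGE = re.compile(r"^(\d+\.\d+\.\d+\.\d+) - (\d+\.\d+\.\d+\.\d+)$")

def parse_overlaps(text):
    """Return one dict per reported object pair (hypothetical record layout)."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        pair = PAIR.search(line)   # search(): header may share a line with other text
        rng = RANGE.match(line)
        if pair:
            findings.append({"objects": pair.groups(), "ranges": [],
                             "addresses": 0, "mep": False, "unsupported": False})
        elif not findings:
            continue  # prompt line or banner before the first finding
        elif rng:
            lo, hi = (ipaddress.IPv4Address(a) for a in rng.groups())
            findings[-1]["ranges"].append((str(lo), str(hi)))
            findings[-1]["addresses"] += int(hi) - int(lo) + 1  # inclusive range
        elif line.startswith("-"):
            findings[-1]["mep"] |= "multiple entry points" in line
            findings[-1]["unsupported"] |= "not supported" in line
    return findings

def unsupported_pairs(text):
    """Pairs whose overlap the command marks as an unsupported configuration."""
    return [f["objects"] for f in parse_overlaps(text) if f["unsupported"]]

if __name__ == "__main__":
    for finding in parse_overlaps(SAMPLE):
        print(finding)
```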