My company's infrastructure is hosted on Google Cloud. We'd like to connect a network of one of our clients with a site-to-site (IPsec) VPN. I've set up one on Google Cloud, but we have a problem. Our subnetwork (10.10.0.0/16) is overlapping with their subnetwork (10.10.0.0/24). We have to solve this on our end, so on Google Cloud. Any idea how we can achieve this? I tried to add a new network interface to our VMs, but it's not possible with already existing VMs on Google Cloud.
2 Answers
You can set up a Cloud VPN tunnel to GCP even if a subset of your on-prem IP address range (10.10.0.0/16) overlaps with the GCP VPC IP address range (10.10.0.0/24), based on the guide at https://cloud.google.com/vpn/docs/concepts/order-of-routes#routing-examples.
But if your on-prem IP address range is a subset of the GCP VPC IP address range, you cannot set up a VPN in this situation, so you need to change either your on-prem IP address range or the GCP VPC's.
Currently GCP doesn't support adding an additional network interface to an existing VM. It can only be done during VM creation.

You can't use Cloud VPN with overlapping subnets. The Cloud VPN documentation claims that you actually may connect the client's infrastructure, but routing will not work as you need.
Since another NIC can't be added to the existing VM instance, a VLAN compliant with the IEEE 802.1Q standard could be a solution. VLAN attachments are supported for Dedicated Interconnect and Partner Interconnect.
If you prefer to stick with Cloud VPN, using static NAT for the whole subnet could be considered, to shift it to another address range.
