Wed Oct 12, 2022 1:16 am
Clean solution is to avoid overlapping subnets. Your new /20 will span from 192.168.0.0 to 192.168.15.255. So either use that and renumber 192.168.2.0/24 to something else (like 192.168.20.0/24). Or keep 192.168.2.0/24 and use 192.168.16.0/20 (192.168.16-31.*) instead of 192.168.0.0/20. You'll be changing config of current 192.168.1.x devices anyway (because of new mask), so it might not be too difficult. Or if you wouldn't need to use /20 as a whole and just more addresses in separate smaller subnets would be enough, you could add those as non-continuous ones, i.e. keep 192.168.1.0/24, skip 192.168.2.0/24, and add e.g. 192.168.3.0/24, 192.168.4.0/23, etc., or whatever would fit your needs (and then you'd add separate policies for those).
If you're sure that renumbering is not an option on either side, it's possible to keep overlapping subnets and create virtual ones for the tunnel. So for real 192.168.0.0/20 there could be virtual 192.168.16.0/20, and for real 192.168.2.0/24 it could be 192.168.32.0/24. Tunnel would be for 192.168.16.0/20 <-> 192.168.32.0/24 and there would have to be NAT (netmap, both srcnat and dstnat) on both routers. Then if e.g. real 192.168.2.100 would like to connect to real 192.168.1.200, it would have to connect to 192.168.17.200, and real 192.168.1.200 would then see the source as 192.168.32.100. So it would work, but you can imagine that it can bring some headaches too. Edit: Both virtual subnets could be /24, because only the actually overlapping part is the problem, but it doesn't make it much better.
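As an added example (not from the poster above), a small Python script using the standard ipaddress module that checks whether two subnets overlap and works out the 1:1 netmap translation described in the post; the real/virtual subnet pairs are the ones from the post, and the function names are my own.

```python
import ipaddress

def netmap(addr, real_net, virtual_net):
    """1:1 netmap: move addr from real_net into virtual_net, host bits unchanged."""
    addr = ipaddress.IPv4Address(addr)
    real_net = ipaddress.IPv4Network(real_net)
    virtual_net = ipaddress.IPv4Network(virtual_net)
    if real_net.prefixlen != virtual_net.prefixlen:
        raise ValueError("netmap needs subnets of the same size")
    if addr not in real_net:
        raise ValueError(f"{addr} is not in {real_net}")
    host_bits = int(addr) - int(real_net.network_address)
    return ipaddress.IPv4Address(int(virtual_net.network_address) + host_bits)

def overlaps(net_a, net_b):
    """True if the two subnets share any address (the case plain routing can't handle)."""
    return ipaddress.IPv4Network(net_a).overlaps(ipaddress.IPv4Network(net_b))

def tunnel_flow(src_real, src_site, dst_real, dst_site):
    """For a connection from src_real (in src_site) to dst_real (in dst_site),
    return (virtual address the source must dial, source address the destination sees).
    A site is (real_subnet, virtual_subnet). dstnat on the destination router maps
    the dialed virtual address back to real; srcnat on the source router maps the
    source into its virtual subnet."""
    dial = netmap(dst_real, dst_site[0], dst_site[1])
    seen_as = netmap(src_real, src_site[0], src_site[1])
    return str(dial), str(seen_as)

# Real and virtual subnets per side, as in the post
SITE_A = ("192.168.0.0/20", "192.168.16.0/20")
SITE_B = ("192.168.2.0/24", "192.168.32.0/24")

if __name__ == "__main__":
    print("real subnets overlap:   ", overlaps(SITE_A[0], SITE_B[0]))
    print("virtual subnets overlap:", overlaps(SITE_A[1], SITE_B[1]))
    print("B -> A:", tunnel_flow("192.168.2.100", SITE_B, "192.168.1.200", SITE_A))
    print("A -> B:", tunnel_flow("192.168.1.200", SITE_A, "192.168.2.100", SITE_B))
```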