I wonder if anyone can explain why the following occurs and if there is a way around it.
Let's say I have a site with 2 outgoing connections. One is an IPsec LAN-to-LAN connection via an ASA/PIX firewall to 10.0.1.0/24. The other is an internal private WAN connection to every other 10.0.0.0/8 address.
If I specify a static route on the firewall directing 10.0.0.0/8 to our internal private WAN, then this "breaks" the VPN to 10.0.1.0/24. Clearly this is because the firewall thinks 10.0.1.0/24 is now available via the internal private WAN, even though it has an IPsec VPN configured for 10.0.1.0/24.
This means that I would need to add routes on the firewall for every 10.0.0.0/8 address with the exception of 10.0.1.0/24. This is quite "fiddly" to say the least.
Is there any easier way to do this?
Can I assume that, from your ASA's perspective, your WAN link does not exit the ASA from the outside interface?
Your crypto map is applied to the outside interface; add a static route on your ASA to force traffic destined to 10.0.1.0/24 to exit from that interface.
If this is not the case, please give us an idea of your network topology.
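As an added illustration (not from either poster), here is an ASA configuration fragment that keeps the /8 on the private WAN while the more specific /24 route steers only the VPN subnet out the outside interface where the crypto map lives. Interface names, the local LAN, next-hop addresses and the peer address are all assumed placeholders.

```cisco
! Added example, not from this thread. All values are placeholders:
!   inside  = interface towards the LAN and the private WAN router
!   outside = interface carrying the crypto map
!   192.168.1.0/24 = this site's LAN, 192.0.2.1 = private WAN next hop
!   198.51.100.1 = outside next hop, 203.0.113.2 = remote VPN peer

! Problem: on its own this route also covers 10.0.1.0/24, so VPN-bound
! traffic leaves via the WAN and never reaches the crypto map on outside.
route inside 10.0.0.0 255.0.0.0 192.0.2.1

! Fix: the /24 wins by longest-prefix match, so only the VPN subnet exits
! via outside; every other 10.0.0.0/8 address still follows the WAN route.
route outside 10.0.1.0 255.255.255.0 198.51.100.1

! Crypto ACL and map that make 10.0.1.0/24 "interesting" on outside
access-list l2l_acl extended permit ip 192.168.1.0 255.255.255.0 10.0.1.0 255.255.255.0
crypto map outside_map 10 match address l2l_acl
crypto map outside_map 10 set peer 203.0.113.2
crypto map outside_map interface outside

! Checks: confirm both routes are installed, then trace a packet from the
! LAN to the VPN subnet and verify the VPN/encrypt phase is hit, not a WAN hop.
show route
packet-tracer input inside icmp 192.168.1.10 8 0 10.0.1.10
```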