Cisco Support Community

OSPF Route v IPSEC VPN

Hello all.

Could anyone point me in the right direction regarding the dilemma below?

I have a pair of ASA 5510s running with VLAN sub-interfaces. For simplicity I'm going to label them 1.3 (192.168.12.0/24) and 1.16 (172.16.100.0/24).

Connected to VLAN.3 is a 2801 Router that is advertising an OSPF route to 172.20.0.0/16 via 192.168.12.253 (MPLS network). I can see this in the routing table on the ASA.

However, I have to configure a new Site-to-Site VPN for a client on VLAN16, which as it would happen, uses 172.20.0.0/16 at the remote end. The local networks are segregated and I do not have the 'Same Sec permit' enabled.

When I run a packet tracer from the VLAN16 network to 172.20.0.0/16, I can see it's trying to egress out of 192.168.12.253.

The million dollar question is am I able to get this Site-to-site to 'ignore' the entry in the routing table and go out via the 'Outside' interface?

You can probably tell I'm a total novice so any assistance would be appreciated.

Thanks.

1 REPLY

You would probably get a better response if you post this on the security forum.

I think your only option is to either perform destination NAT or have the remote end do the natting from their end in order to prevent the overlap.
