I have a routing problem when connecting to our ASA5550 and split tunneling. The issue is surrounding overlapping RFC1918 space. For instance I am sitting on a private network where the DNS server is in RFC 1918 space, say 10.1.1.5. But that network is only reachable via my default gateway on the local LAN network. I then connect to a remote network that has overlapping IPs with my current host. When this occurs, I can access the remote network resources appropriately, since the remote ASA is passing me the correct routing table for the connection. The remote networks overlap with my local DNS server. Again, the local DNS server is only reachable via my default route. However that routing table is more specific than my default route to my local DNS server.
Keep in mind this is for illustration, we have users that do this from home and on the road when an ISP provides DNS servers in overlapping RFC1918 space. I cannot always control the DNS servers assigned to the local LAN or to an aircard or MiFi. This is the crux of the issue.
Does anyone have a working resolution to this situation? It cannot be some custom route done local to the host, unless it is done out of the ASA configuration. It also has to accommodate the unknown in terms of local LAN.
Anyone up for a challenge? I have a ticket open with Cisco and they are struggling with this.
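The conflict described in the post comes down to longest-prefix matching: once the ASA pushes a split-tunnel prefix that covers the local DNS server, that prefix beats the host's default route. The script below is an added illustration, not code from the post or from Cisco; the routing table, the next-hop labels and the 10.0.0.0/8 split-tunnel prefix are constructed. It simulates the route lookup before and after the tunnel comes up, reports which local addresses get pulled into the tunnel, and shows that only a more specific route (a /32 for the DNS server) restores the original path; whether the ASA can hand out such an exception is the question the post asks and is not answered here.

```python
import ipaddress

# Constructed scenario (not from the original post): the host's local DNS server
# sits in RFC 1918 space and is reachable only through the LAN default gateway.
LOCAL_DNS = "10.1.1.5"

# Routing table before the VPN comes up: (prefix, next-hop label), constructed.
LOCAL_ROUTES = [
    ("0.0.0.0/0", "lan-gateway"),
    ("192.168.50.0/24", "lan-direct"),
]

# Split-tunnel prefixes pushed by the remote ASA (constructed); 10.0.0.0/8
# overlaps the local DNS server.
SPLIT_TUNNEL_ROUTES = [
    ("10.0.0.0/8", "vpn-tunnel"),
    ("172.16.0.0/12", "vpn-tunnel"),
]


def lookup(routes, dst):
    """Longest-prefix match: of all routes covering dst, the most specific wins.

    Returns (prefix, next_hop) or None when no route matches.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return (str(best[0]), best[1]) if best else None


def hijacked_addresses(local_addrs, local_routes, split_routes):
    """Return the local addresses whose traffic moves into the tunnel once the
    split-tunnel routes are installed alongside the existing local routes."""
    merged = local_routes + split_routes
    result = []
    for a in local_addrs:
        before = lookup(local_routes, a)
        after = lookup(merged, a)
        if before and after and before[1] != after[1] and after[1] == "vpn-tunnel":
            result.append(a)
    return result


def with_host_exception(routes, addr, next_hop):
    """Add a /32 for addr; as the most specific possible route it overrides any
    overlapping split-tunnel prefix for that single host."""
    return routes + [(f"{addr}/32", next_hop)]


if __name__ == "__main__":
    merged = LOCAL_ROUTES + SPLIT_TUNNEL_ROUTES
    print("before VPN :", lookup(LOCAL_ROUTES, LOCAL_DNS))
    print("after VPN  :", lookup(merged, LOCAL_DNS))
    print("hijacked   :", hijacked_addresses([LOCAL_DNS, "192.168.50.10"],
                                             LOCAL_ROUTES, SPLIT_TUNNEL_ROUTES))
    fixed = with_host_exception(merged, LOCAL_DNS, "lan-gateway")
    print("with /32   :", lookup(fixed, LOCAL_DNS))
```

Running it shows the DNS server resolving via `lan-gateway` before the VPN, via `vpn-tunnel` afterwards (the /8 beats the /0), and back to `lan-gateway` once the /32 exists; the 192.168.50.10 host on the directly connected LAN is unaffected because no pushed prefix covers it.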