Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco ASA - Site to site IPSec tunnels to two different remote sites with overlapping destination subnets

Hi,

Can anyone help on this?

I need to set up two IPSec tunnel from a cisco ASA to two remote sites.  I'm not sure how the Cisco ASA would route traffic through two IPSec tunnels to two remote sites when one destination subnet (site B) is a supernet of the other destination subnet (eg. site A)

1) The trusted network connecting to the Cisco ASA is 10.20.20.0/24 (site C)

2) Remote site A subnet is 10.0.0.0/8

3) Remote site B subnet is 10.255.0.0/16

As shown above 10.255.0.0/16 is a supernet of 10.0.0.0/8

If I configure two crypto maps:

1) Crypto map for site A will include subnet 10.0.0.0/8

2) Crypto map for site B will include subnet 10.255.0.0/16

Both crypto maps above will also include subnet 10.20.20.0/24 (site C)

Would the above configuration work in terms of routing?  How does the Cisco ASA know that 10.255.0.0/16 needs to go to site B rather than site A?

Thanks 

162
Views
0
Helpful
0
Replies