Cisco ASA - Site to site IPSec tunnels to two different remote sites with overlapping destination subnets
Can anyone help on this?
I need to set up two IPSec tunnels from a Cisco ASA to two remote sites. I'm not sure how the Cisco ASA would route traffic through two IPSec tunnels to two remote sites when one destination subnet (site B) is a supernet of the other destination subnet (e.g. site A).
1) The trusted network connecting to the Cisco ASA is 10.20.20.0/24 (site C)
2) Remote site A subnet is 10.0.0.0/8
3) Remote site B subnet is 10.255.0.0/16
As shown above, 10.255.0.0/16 is a supernet of 10.0.0.0/8.
If I configure two crypto maps:
1) Crypto map for site A will include subnet 10.0.0.0/8
2) Crypto map for site B will include subnet 10.255.0.0/16
Both crypto maps above will also include subnet 10.20.20.0/24 (site C)
Would the above configuration work in terms of routing? How does the Cisco ASA know that 10.255.0.0/16 needs to go to site B rather than site A?
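
An added example, not part of the original post: a crypto map on the ASA is evaluated entry by entry in ascending sequence-number order, and the first entry whose crypto ACL matches the packet selects the tunnel. The Python model below applies that first-match rule to the subnets from the post and flags entries that an earlier, broader entry makes unreachable. The sequence numbers 10 and 20 and the peer labels site-A and site-B are assumptions.

```python
from ipaddress import ip_address, ip_network

LOCAL = ip_network("10.20.20.0/24")  # site C, from the post


def build_map(entries):
    """entries: (seq, peer, remote_cidr) tuples. Returns entries sorted by sequence number."""
    rows = [{"seq": s, "peer": p, "local": LOCAL, "remote": ip_network(r)}
            for s, p, r in entries]
    return sorted(rows, key=lambda e: e["seq"])


def select_peer(crypto_map, src, dst):
    """First-match lookup: lowest sequence number whose selectors cover src -> dst."""
    src, dst = ip_address(src), ip_address(dst)
    for entry in crypto_map:
        if src in entry["local"] and dst in entry["remote"]:
            return entry["peer"]
    return None  # no entry matches: the packet is not placed in any tunnel


def shadowed_entries(crypto_map):
    """Sequence numbers of entries fully covered by an earlier entry (never matched)."""
    hidden = []
    for i, later in enumerate(crypto_map):
        for earlier in crypto_map[:i]:
            if (later["local"].subnet_of(earlier["local"])
                    and later["remote"].subnet_of(earlier["remote"])):
                hidden.append(later["seq"])
                break
    return hidden


# Constructed orderings of the two entries described in the post.
BROAD_FIRST = build_map([(10, "site-A", "10.0.0.0/8"),
                         (20, "site-B", "10.255.0.0/16")])
SPECIFIC_FIRST = build_map([(10, "site-B", "10.255.0.0/16"),
                            (20, "site-A", "10.0.0.0/8")])

if __name__ == "__main__":
    for name, cmap in (("broad first", BROAD_FIRST),
                       ("specific first", SPECIFIC_FIRST)):
        peer = select_peer(cmap, "10.20.20.5", "10.255.1.1")
        print(f"{name}: 10.255.1.1 -> {peer}, shadowed seq: {shadowed_entries(cmap)}")
```

Running the shadow check over a crypto map before deployment shows whether the order of the entries leaves any tunnel without traffic.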