Overlapping networks

WStoffel1

I had a tunnel set up for this inside network 192.168.141.0/24 to access the remote network of 10.90.238.148/24, which was up and functioning.

We had some changes and added the inside 192.168.10.0/24 network with the following route statements:

route K_Inc 10.0.0.0 255.192.0.0 192.168.10.252 1        (10.0.0.0-10.63.255.255)
route K_Inc 10.64.0.0 255.224.0.0 192.168.10.252 1       (10.64.0.0-10.95.255.255)
route K_Inc 10.100.100.0 255.255.255.0 192.168.10.252 1  (10.100.100.0-10.100.100.255)
route K_Inc 10.128.0.0 255.128.0.0 192.168.10.252 1      (10.128.0.0-10.255.255.255)

There was another VPN tunnel with a remote network of 10.99.225.0/24, which is partly why the routes were broken up.

10.90.238.148/24 was missed.

What are my options?

1. Change the route 10.64.0.0/11 to a slash 12 (provided I have no local 10. addresses that will be affected)

2. Dynamic PAT...?

Any thoughts?

Accepted Solutions

Jouni Forss

Hi,

If the traffic destined for the overlapping network 10.90.238.0/24 reaches the ASA at the moment, then you probably only need

crypto map set reverse-route

This would be a configuration line added to the L2L VPN configuration of the VPN in question, which would automatically generate a static route to the ASA based on any remote network configured on the "access-list" that is used in the command

crypto map match address

If you have a network where there are internal routers which now include a subnet that contains this remote network, then this would probably mean that the traffic destined to this remote network would not reach the ASA at the moment.

In that case you might want to try configuring a specific static route on the router for the remote network 10.90.238.0/24 towards the ASA gateway so that a possible connected network on the router would not affect the operation of this remote network.

Let me know if I have missed something with the setup mentioned.

Hope this helps

- Jouni
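
An added example (not part of the thread, and not Cisco code): a Python check that parses the route statements from the question, reports which static route covers each VPN remote network, and models the more specific route that reverse-route generates, as the answer describes, to show it wins the longest-prefix match. The interface name `outside` and next hop `vpn-peer` are placeholders.

```python
import ipaddress

# Static routes from the original post (route <interface> <network> <mask> <gateway> <metric>).
ROUTES = """\
route K_Inc 10.0.0.0 255.192.0.0 192.168.10.252 1
route K_Inc 10.64.0.0 255.224.0.0 192.168.10.252 1
route K_Inc 10.100.100.0 255.255.255.0 192.168.10.252 1
route K_Inc 10.128.0.0 255.128.0.0 192.168.10.252 1
"""

# Remote networks of the two L2L tunnels mentioned in the thread.
VPN_REMOTES = [ipaddress.ip_network("10.90.238.0/24"),
               ipaddress.ip_network("10.99.225.0/24")]

def parse_routes(text):
    """Return [(interface, network, gateway)] from ASA-style 'route' lines."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[0] == "route":
            net = ipaddress.ip_network(f"{parts[2]}/{parts[3]}")
            routes.append((parts[1], net, parts[4]))
    return routes

def shadowing_routes(routes, vpn_remote):
    """Static routes whose prefix overlaps a VPN remote network."""
    return [r for r in routes if r[1].overlaps(vpn_remote)]

def best_route(routes, dest_ip):
    """Longest-prefix match for one destination; None if nothing matches."""
    addr = ipaddress.ip_address(dest_ip)
    matches = [r for r in routes if addr in r[1]]
    return max(matches, key=lambda r: r[1].prefixlen, default=None)

def with_reverse_routes(routes, vpn_remotes, vpn_if="outside"):
    """Model reverse-route: one specific route per VPN remote network.
    'outside' and 'vpn-peer' are placeholders, not values from the thread."""
    return routes + [(vpn_if, net, "vpn-peer") for net in vpn_remotes]

if __name__ == "__main__":
    routes = parse_routes(ROUTES)
    for remote in VPN_REMOTES:
        hits = [str(r[1]) for r in shadowing_routes(routes, remote)]
        print(f"{remote}: covered by {hits or 'no static route'}")
    fixed = with_reverse_routes(routes, VPN_REMOTES)
    print("before:", best_route(routes, "10.90.238.10"))
    print("after: ", best_route(fixed, "10.90.238.10"))
```

Running the same check against a planned route change before it is applied shows whether any tunnel's remote network would be pulled toward an internal gateway instead of the VPN.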

On the nose. Reverse route was the answer. Thankfully.

Thanks again.
