10-06-2008 10:20 AM - edited 03-11-2019 06:53 AM
Hi,
I wonder if anyone can explain why the following occurs and if there is a way around it.
Let's say I have a site with 2 outgoing connections. One is an IPSec lan-2-lan connection via an ASA\PIX firewall to 10.0.1.0/24. The other is an internal private WAN connection to every other 10.0.0.0/8 address.
If I specify a static route on the firewall directing 10.0.0.0/8 to our internal private WAN then this "breaks" the VPN to 10.0.1.0/24. Clearly this is because the firewall thinks 10.0.1.0/24 is now available by the internal private WAN, even though it has an IPSec VPN configured for 10.0.1.0/24.
This means that I would need to add routes on the firewall for every 10.0.0.0/8 address with the exception of 10.0.1.0/24. This is quite "fiddly" to say the least.
Is there any easier way to do this?
Many Thanks
Andy
10-06-2008 10:46 AM
Hi,
Can I assume that, from your asa perspective, your WAN link does not exit the asa from the outside interface...
Your crypto map is applied to the outside interface; add a static route to your ASA to force traffic destined to 10.0.1.0/24 to exit from that interface.
If this is not the case, please give us an idea of your network topology.
10-06-2008 11:03 AM
Hi Dominic,
Yes, You are correct. The WAN link to the other 10.0.0.0/8 networks is not connected to the firewall.
What would the static route look like?
route outside 10.0.1.0 255.255.255.0 ip_of_outside_interface?
Appreciate your help,
Thanks
Andy
10-06-2008 11:36 AM
Yes, that should work. If not, will do some debug :)
10-07-2008 12:13 AM
Excellent - that worked great.
Appreciate your help :)
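The behaviour discussed in this thread, as an added illustration that is not part of the original posts: the firewall picks the egress interface by longest-prefix match first, and the crypto map only applies to traffic leaving the interface it is bound to. The interface name "inside", the default route and the sample destination addresses are assumptions made for the example.

```python
import ipaddress

# Constructed routing tables: (destination prefix, egress interface).
# The "inside" interface name and the default route are assumptions.
DEFAULT_ONLY = [("0.0.0.0/0", "outside")]
WITH_SUMMARY = DEFAULT_ONLY + [("10.0.0.0/8", "inside")]
WITH_FIX = WITH_SUMMARY + [("10.0.1.0/24", "outside")]

# The crypto map is bound to one interface and protects one remote network.
CRYPTO_MAP = {"interface": "outside", "remote": "10.0.1.0/24"}


def egress_interface(dst, routes):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]


def is_tunnelled(dst, routes):
    """Traffic is encrypted only if it leaves via the crypto-map interface."""
    iface = egress_interface(dst, routes)
    remote = ipaddress.ip_network(CRYPTO_MAP["remote"])
    protected = ipaddress.ip_address(dst) in remote
    return iface == CRYPTO_MAP["interface"] and protected


if __name__ == "__main__":
    tables = [("default only", DEFAULT_ONLY),
              ("with 10/8 summary", WITH_SUMMARY),
              ("with /24 fix", WITH_FIX)]
    for name, table in tables:
        for dst in ("10.0.1.25", "10.7.3.9"):  # constructed sample hosts
            print(f"{name:18} {dst:10} -> {egress_interface(dst, table):8}"
                  f" tunnelled={is_tunnelled(dst, table)}")
```

With only the 10.0.0.0/8 summary in place, traffic for 10.0.1.0/24 leaves via the internal path unencrypted, so after a routing change like this it is worth confirming that the tunnel's encrypt counters are still increasing.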