
OSPF Route v IPSEC VPN

Adam G
Beginner

Hello all.

Could anyone point me in the right direction regarding the dilemma below?

I have a pair of ASA 5510s running with VLAN sub-interfaces. For simplicity I'm going to label them 1.3 (192.168.12.0/24) and 1.16 (172.16.100.0/24).

Connected to VLAN.3 is a 2801 Router that is advertising an OSPF route to 172.20.0.0/16 via 192.168.12.253 (MPLS network). I can see this in the routing table on the ASA.

However, I have to configure a new Site-to-Site VPN for a client on VLAN16, which, as it would happen, uses 172.20.0.0/16 at the remote end. The local networks are segregated and I do not have the 'Same Sec permit' enabled.

When I run a packet tracer from the VLAN16 network to 172.20.0.0/16, I can see it's trying to egress out of 192.168.12.253.

The million dollar question is am I able to get this Site-to-site to 'ignore' the entry in the routing table and go out via the 'Outside' interface?

You can probably tell I'm a total novice so any assistance would be appreciated.

Thanks.

1 Reply

Kelvin Willacey
Enthusiast

You would probably get a better response if you post this on the security forum.

I think your only option is to either perform destination NAT or have the remote end do the natting from their end in order to prevent the overlap.
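
As an added illustration that is not part of the original thread: a simplified Python model of destination-based route lookup, showing why the VLAN16 traffic follows the OSPF route and how reaching the remote network through a non-overlapping mapped prefix, as the reply suggests, changes the egress interface. The default route via Outside, the interface labels, and the 10.254.0.0/16 mapped prefix are assumptions; this is not ASA code or configuration.

```python
import ipaddress

# Routing table modelled on the thread. Only the OSPF route is stated in the
# post; the default route via 'Outside' and the interface labels are assumed.
ROUTES = [
    ("172.20.0.0/16", "VLAN3", "192.168.12.253"),  # OSPF-learned (MPLS)
    ("192.168.12.0/24", "VLAN3", None),             # connected
    ("172.16.100.0/24", "VLAN16", None),            # connected
    ("0.0.0.0/0", "Outside", "ASSUMED-GW"),         # assumed default route
]

# Constructed, non-overlapping prefix that local hosts would use to reach
# the client's real 172.20.0.0/16 through a 1:1 destination NAT.
MAPPED = ipaddress.ip_network("10.254.0.0/16")
REAL = ipaddress.ip_network("172.20.0.0/16")


def lookup(dst):
    """Longest-prefix match on the destination only; source is not consulted."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), iface, gw)
               for p, iface, gw in ROUTES
               if addr in ipaddress.ip_network(p)]
    _, iface, gw = max(matches, key=lambda m: m[0].prefixlen)
    return iface, gw


def to_real(dst):
    """Map a destination in MAPPED to the same host offset in REAL."""
    addr = ipaddress.ip_address(dst)
    if addr not in MAPPED:
        return addr
    offset = int(addr) - int(MAPPED.network_address)
    return ipaddress.ip_address(int(REAL.network_address) + offset)


def egress(src, dst):
    """Return (egress interface, address the remote peer finally sees)."""
    # src is accepted only to show that it plays no part in the decision.
    iface, _ = lookup(dst)
    return iface, str(to_real(dst))


if __name__ == "__main__":
    print(egress("172.16.100.10", "172.20.5.5"))  # follows the OSPF /16
    print(egress("172.16.100.10", "10.254.5.5"))  # falls to the default route
```

The same reasoning applies if the remote end performs the translation instead: the local side then only ever sees a prefix that does not collide with the OSPF-learned 172.20.0.0/16.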
