Hello to all,
So to start this off, I have a remote site in NY that we have a VPN connection to, and we had some DR servers sitting behind this ASA. As of now, this is how this location looks.
We need to move the 10.90.19.0/24 to its own site behind its own ASA(NJ).
as such ...
After doing this we noticed this site's VPN did not come up, and when pinging 10.90.19.1, traffic is still being routed to NY. But on a traceroute behind our main ASA we see 10.90.19.1 being hit all the way through to the 30th hop.
Any thoughts will be very much appreciated.
I can add any additional information as needed. Thank you.
At the moment we are not able to change the encryption domains so they are not overlapping.
This network was made before I was in this position. I do realize this is a very bad design. We just need to correct this for the time being.
In the future we will be able to move this to its own separate network, which would not be overlapping with the 10.90.0.0 network.
You may be able to NAT 10.90.19.0/24 to another subnet (ex: 172.16.20.0/24) on the NJ ASA and then set up the VPN to 172.16.20.0/24. Not the clean way, but it will resolve the issue for now.
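
The overlap and the NAT workaround discussed in this thread can be checked before touching the firewalls. The following is an added example, not part of the original posts: it models the main ASA's crypto map as a first-match list in sequence order and shows why 10.90.19.1 is still sent to NY, and that the mapped subnet is not. The /16 mask on the NY entry, the sequence numbers and all function names are assumptions.

```python
import ipaddress

# Constructed model of the main ASA's crypto map: (sequence, peer, remote network).
# Assumptions: NY's encryption domain is 10.90.0.0/16 and it has the lower sequence number.
CRYPTO_MAP = [
    (10, "NY", ipaddress.ip_network("10.90.0.0/16")),
    (20, "NJ", ipaddress.ip_network("10.90.19.0/24")),
]
REAL_NJ = ipaddress.ip_network("10.90.19.0/24")
MAPPED_NJ = ipaddress.ip_network("172.16.20.0/24")


def select_peer(dst, crypto_map):
    """Return the peer of the first entry (by sequence) whose network contains dst."""
    addr = ipaddress.ip_address(dst)
    for _seq, peer, net in sorted(crypto_map, key=lambda entry: entry[0]):
        if addr in net:
            return peer
    return None


def overlapping_peers(candidate, crypto_map, ignore_peer=None):
    """List peers whose encryption domain overlaps the candidate subnet."""
    return [p for _s, p, net in crypto_map if p != ignore_peer and net.overlaps(candidate)]


def translate(real_ip, real_net, mapped_net):
    """One-to-one static NAT: keep the host offset, swap the network part."""
    addr = ipaddress.ip_address(real_ip)
    if real_net.prefixlen != mapped_net.prefixlen or addr not in real_net:
        raise ValueError("static 1:1 NAT needs equal prefix lengths and an in-range host")
    return str(mapped_net.network_address + (int(addr) - int(real_net.network_address)))


def with_mapped_domain(crypto_map, peer, mapped_net):
    """Return a copy of the crypto map where `peer` is reached via its mapped subnet."""
    return [(s, p, mapped_net if p == peer else n) for s, p, n in crypto_map]
```

The same overlap check is worth running on any candidate mapped subnet against every other tunnel and local network on the main ASA before picking it.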