Showing results for 
Search instead for 
Did you mean: 

Anyconnect VPN - Split Tunnel - Overlapping RFC1918 Networks - Binding Order

I have a routing problem when connecting to our ASA5550 and split tunneling. The issue is surrounding overlapping RFC1918 space. For instance I am sitting on a private network where the DNS server is in RFC 1918 space, say But that network is only reachable via my default gateway on the Iocal LAN network. I then connect to a remote network that has overlapping IPs with my current host. When this occurs, I can access the remote network resources appropriately, since the remote ASA is passing me the correct routing table for the connection. The remote networks overlap with my local DNS server. Again, the local DNS server is only reachable via my default route. However that routing table is more specific than my default route to my local DNS server.

Keep in mind this is for illustration, we have users that do this from home and on the road when an ISP provides DNS servers in overlapping RFC1918 space. I cannot always control the DNS servers assigned to the local LAN or to an aircard or MiFi. This is the crux of the issue.

Does anyone have a working resolution to this situation? it canot be some custom route done local to the host, unless it is done out of the ASA configuration. it also has to accomodate the unknown in terms of local LAN.

Anyone up for a challenge? I have a ticket open with Cisco and they are struggling with this.


0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers