I have a 5506x with the following config
inside interface 10.0.0.2/24
outside interface 10.1.0.2/24 (Public NAT done at another device on the outside interface gateway)
interface:inside 10.0.0.0/8 gateway: 10.0.0.1
interface:outside 0.0.0.0/0 gateway:10.1.0.1
We've a few tunnels already configured, but the remote addresses have always been public addresses. However, now I need to configure a remote network of 10.3.0.0/24 and I believe the /8 is causing issues routing traffic via the tunnel.
Would any of you have a suggestion as to how to best address this issue? (I read a few articles saying a static for 10.3.0.0/24 on the outside interface wouldn't work)
It won't cause any trouble as the route for the remote network is more specific. Just make sure that the ASA has a route:
"However now I need to configure a remote network of 10.3.0.0/24 and I believe the /8 is causing issues routing traffic via the tunnel."
Did you try and get an error?
As mentioned by Karsten, you can just set the new static route to the remote subnet 10.3.0.0/24 pointing to the next hop 10.1.0.1, and as this will have a longer match it will be chosen over the 10.0.0.0/8.
Please make sure that all the other bits and pieces are in place, such as adding this new subnet to the encryption domains, and identity NAT if applied.
Regarding routing the RFC1918 to the internet, that technically speaking is possible, and from the ASA perspective is just like any other packets to be routed. However, the ISPs do not allow the RFC1918 to be routed on their public network, hence, they just drop that traffic as soon as they see it.
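
The longest-match behaviour described in the replies, as an added example that is not part of the original thread: a small route lookup over the addresses from the question, which also reports which broader route the new /24 carves a hole in. The connected /24 routes are assumed from the interface addresses in the post, and the function names are hypothetical.

```python
import ipaddress

# Routes from the question, plus the static route proposed in the replies.
# The two connected routes are assumed from the interface addresses in the post.
ROUTES = [
    ("10.0.0.0/24", "inside", "connected"),
    ("10.1.0.0/24", "outside", "connected"),
    ("10.0.0.0/8", "inside", "10.0.0.1"),
    ("0.0.0.0/0", "outside", "10.1.0.1"),
    ("10.3.0.0/24", "outside", "10.1.0.1"),  # new route for the remote VPN subnet
]


def build_table(routes):
    """Parse (prefix, interface, next_hop) tuples into network objects."""
    return [(ipaddress.ip_network(p), ifc, nh) for p, ifc, nh in routes]


def lookup(table, dst):
    """Return (prefix, interface, next_hop) of the longest matching prefix."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        return None
    net, ifc, nh = max(matches, key=lambda r: r[0].prefixlen)
    return (str(net), ifc, nh)


def shadowed_by(table, new_prefix):
    """Broader routes on a different interface that new_prefix overrides.

    Any host that really lives behind those routes inside new_prefix
    becomes unreachable once the more specific route is installed.
    """
    new = ipaddress.ip_network(new_prefix)
    new_if = next(ifc for net, ifc, _ in table if net == new)
    return [str(net) for net, ifc, _ in table
            if net != new and new.subnet_of(net) and ifc != new_if]


TABLE = build_table(ROUTES)

if __name__ == "__main__":
    for dst in ("10.3.0.25", "10.4.0.25", "10.0.0.50", "198.51.100.7"):
        print(dst, "->", lookup(TABLE, dst))
    print("overridden:", shadowed_by(TABLE, "10.3.0.0/24"))
```

The `shadowed_by` result is the check to run before adding such a route: it confirms that no inside hosts are addressed from 10.3.0.0/24, since they would be sent out the outside interface afterwards.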