01-27-2018 05:26 PM - edited 03-12-2019 04:57 AM
Hello to all,
So to start this off, I have a remote site in NY that we have a VPN connection to, and we had some DR servers sitting behind this ASA. As of now, this is how this location looks.
We need to move the 10.90.19.0/24 to its own site behind its own ASA(NJ).
as such ...
After doing this we noticed this site's VPN did not come up, and when pinging 10.90.19.1, traffic is still being routed to NY. But on a traceroute behind our main ASA we see 10.90.19.1 being hit all the way through to the 30th hop.
Any thoughts will be very much appreciated.
I can add any additional information as needed. Thank you.
01-27-2018 05:58 PM
1. Change the encryption domains so they are not overlapping.
2. Build a VPN between NY and NJ.
01-27-2018 06:06 PM
At the moment we are not able to change the encryption domains so they are not overlapping.
This network was made before I was in this position. I do realize this is a very bad design. We just need to correct this for the time being.
In the future we will be able to move this to its own separate network, which would not be overlapping with the 10.90.0.0 network.
01-28-2018 11:57 AM
Hi,
You may be able to NAT 10.90.19.0/24 to another subnet (ex: 172.16.20.0/24) on the NJ ASA and then set up the VPN to 172.16.20.0/24. Not the clean way, but it will resolve the issue for now.
hth
MS
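The two replies above (non-overlapping encryption domains, or NAT to 172.16.20.0/24) can be checked with a small model of crypto map selection. This is an added example, not code from the thread; it assumes the 10.90.0.0 network is a /16, that the NY entry has the lower sequence number, and that the ASA takes the first crypto map entry whose remote networks match. The function names are hypothetical.

```python
import ipaddress

# Constructed crypto map for the main ASA: (sequence, peer, remote networks).
# The thread gives only 10.90.19.0/24, "the 10.90.0.0 network" and
# 172.16.20.0/24; the /16 mask and the sequence numbers are assumptions.
CRYPTO_MAP = [
    (10, "NY", ["10.90.0.0/16"]),
    (20, "NJ", ["10.90.19.0/24"]),
]

# Workaround from the thread: NJ presents 10.90.19.0/24 as 172.16.20.0/24.
NATTED_MAP = [
    (10, "NY", ["10.90.0.0/16"]),
    (20, "NJ", ["172.16.20.0/24"]),
]


def _nets(prefixes):
    return [ipaddress.ip_network(p) for p in prefixes]


def select_peer(crypto_map, dst):
    """Return the peer of the lowest-sequence entry whose remote networks
    contain dst (first match wins), or None if no entry matches."""
    addr = ipaddress.ip_address(dst)
    for _seq, peer, prefixes in sorted(crypto_map):
        if any(addr in net for net in _nets(prefixes)):
            return peer
    return None


def find_overlaps(crypto_map):
    """List (peer_a, net_a, peer_b, net_b) for every pair of remote
    networks that overlap across two different entries."""
    entries = sorted(crypto_map)
    hits = []
    for i, (_s1, p1, n1) in enumerate(entries):
        for _s2, p2, n2 in entries[i + 1:]:
            for a in _nets(n1):
                for b in _nets(n2):
                    if a.overlaps(b):
                        hits.append((p1, str(a), p2, str(b)))
    return hits


if __name__ == "__main__":
    print(select_peer(CRYPTO_MAP, "10.90.19.1"), find_overlaps(CRYPTO_MAP))
    print(select_peer(NATTED_MAP, "172.16.20.1"), find_overlaps(NATTED_MAP))
```

Under these assumptions the overlapping map sends 10.90.19.1 into the NY tunnel, which matches the symptom in the original post, while the NATted map has no overlap to report.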