RE: OT:remote access VPN routing transit

From: Joseph L. Brunner <joe_at_affirmedsystems.com>
Date: Tue, 29 Jan 2013 23:26:40 +0000

Generally, on "the street" we have or acquire public IPs from ARIN that are not in the BGP table... that is what we usually do... to prevent this kind of stuff.

In your case, I would make the VPN users come to any and ALL IPs via the VPN I want them to use via VPN and let the routing rules handle it behind the VPN... this may be a tunnel, or however you see fit and that is a perfectly acceptable solution...

But, in an age of Citrix NetScalers and other remote SSL proxy solutions - maybe the users should not even be on VPN? While you probably can't address that today, why do you need a VPN any more when better, less problematic solutions to support exist?

thanks

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Dennis Worth
Sent: Friday, January 25, 2013 12:54 PM
To: Cisco certification
Subject: OT:remote access VPN routing transit

Group,

I am faced with a slight problem and am reaching out to see what others have done on a BCP basis. Company A was acquired by Company B, and Company B is advertising to Company A a large amount of public IPs that are internally used by them to access all the internal apps etc. @ Company B.
Now the dilemma is that all the remote VPN users are split-tunneling a 10.x.x.x/8 which is Company A's entire network internally and need to hit the parent Company B's subnets.

1st thought was to advertise a laundry list of subnets over the VPN for which users could route accordingly. Not sure this is the right approach.
2nd thought was can I tunnel everything and send them back out FW.

Maybe an easy solution here, but just not seeing it.
Any thoughts, or has anyone had a similar scenario?

Thanks group for all your help,

--
Dennis Worth
Received on Tue Jan 29 2013 - 23:26:40 ART
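
An added example, not part of either poster's message: a Python sketch comparing the options raised in the thread (split-tunnel 10/8 only, split-tunnel plus a list of Company B prefixes, and tunnel everything) by showing which path a client would take to each destination. The Company B prefixes and destination addresses are constructed from RFC 5737 documentation ranges, since the thread does not list the real blocks; the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: 10.0.0.0/8 is the split-tunnel range from the
# thread; the "Company B" prefixes are RFC 5737 documentation ranges standing
# in for the real public blocks, which the thread does not list.
COMPANY_A_INTERNAL = ["10.0.0.0/8"]
COMPANY_B_PUBLIC = [
    "198.51.100.0/25",
    "198.51.100.128/25",   # adjacent to the /25 above, collapses to a /24
    "203.0.113.0/24",
    "203.0.113.64/26",     # already covered by the /24, dropped
]


def build_split_include(*prefix_lists):
    """Merge prefix lists into the shortest equivalent split-include list."""
    nets = [ipaddress.ip_network(p) for plist in prefix_lists for p in plist]
    return list(ipaddress.collapse_addresses(nets))


def path_for(dest, split_include):
    """Return 'tunnel' if dest matches the split-include list, else 'local'."""
    addr = ipaddress.ip_address(dest)
    return "tunnel" if any(addr in net for net in split_include) else "local"


def audit(destinations, split_include):
    """Map each destination to the path a split-tunnel client would take."""
    return {d: path_for(d, split_include) for d in destinations}


if __name__ == "__main__":
    options = {
        "10/8 only": build_split_include(COMPANY_A_INTERNAL),
        "10/8 + B list": build_split_include(COMPANY_A_INTERNAL, COMPANY_B_PUBLIC),
        "tunnel all": build_split_include(["0.0.0.0/0"]),
    }
    # 192.0.2.10 stands for a Company B app on a prefix missing from the list.
    apps = ["10.20.30.40", "198.51.100.200", "203.0.113.70", "192.0.2.10"]
    for name, acl in options.items():
        print(name, [str(n) for n in acl], audit(apps, acl))
```

Any destination reported as `local` leaves the client over its own Internet connection rather than the VPN, which is the maintenance risk of the prefix-list option: a Company B block left off the list silently bypasses the tunnel.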

This archive was generated by hypermail 2.2.0 : Sun Feb 03 2013 - 16:27:18 ART