Hi all, hope somebody can help me out or point me in the right direction with this one. This is my setup:

HQ - MX behind an ASA
Branch - MX with AutoVPN to HQ with DSL connection

HQ is on a 10.32.0.x subnet with a static IP in that range; the gateway is set to the core switch IP. Branch is on a 10.32.18.x subnet with a route on the ASA to allow reaching the network beyond the HQ MX.

Everything works as expected with the VPN: from the branch we can reach any 10.32.x.x subnet as well as subnets in the range 172.30.x.x coming from the ASA.

Now it becomes murky. Currently, because we have the Default route ticked in Site-to-Site VPN, all our traffic goes over the VPN. We need to change this behaviour to ensure only advertised subnets go over the VPN and all internet traffic breaks out locally. I know that by unticking the Default Route I will get local internet breakout for non-VPN traffic, but this means that I can only reach the 10.32.x.x subnets and crucially not the 172.32.x.x subnets.

I tried adding another VLAN in the 172 subnet, but it didn't work because the MX doesn't know how to route this VLAN. I also tried adding a static route, but this also failed. So now I'm stumped. It might well be that my inputs in VLANs/static routes were wrong. Any help would be greatly appreciated. Feel free to ask for more details.
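The following is an added example, not part of the post above and not Meraki code. It models the route selection a spoke MX performs for the three situations the post describes: default route ticked (full tunnel), default route unticked with only the HQ LAN advertised (the 172 range stops being reachable), and default route unticked with the ASA-side range also advertised over AutoVPN. The prefixes 10.32.0.0/16 and 172.30.0.0/16, the destination addresses, and the idea that the hub advertises the ASA-side range via a static route with "use VPN" enabled are all assumptions made for the example; the Dashboard API payload shape in `site_to_site_vpn_payload` is assumed from the API documentation and should be checked against the current docs before use.

```python
"""Constructed model of AutoVPN spoke route selection (example, not Meraki code)."""
from ipaddress import ip_address, ip_network

# Assumed prefixes for the scenario: HQ LAN behind the MX, and the range that
# sits behind the ASA and is reachable today only because of the full tunnel.
HQ_LOCAL_SUBNETS = ["10.32.0.0/16"]
ASA_SUBNETS = ["172.30.0.0/16"]


def build_routing_table(advertised, use_default_route):
    """Return the (network, next_hop) entries a spoke installs.

    advertised:        CIDR strings the hub pushes to the spoke over AutoVPN.
    use_default_route: the Site-to-Site VPN "default route" checkbox. When set,
                       the hub also pushes 0.0.0.0/0, so everything, internet
                       included, goes over the tunnel. When clear, the spoke's
                       own 0.0.0.0/0 points at the local WAN (local breakout).
    """
    table = [(ip_network(p), "autovpn") for p in advertised]
    default_hop = "autovpn" if use_default_route else "local-wan"
    table.append((ip_network("0.0.0.0/0"), default_hop))
    return table


def next_hop(table, dst):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    _, hop = max(matches, key=lambda m: m[0].prefixlen)
    return hop


def scenarios():
    """Evaluate the three configurations from the post for sample destinations.

    Destinations are constructed: an HQ host, a host behind the ASA, and a
    public DNS resolver standing in for 'the internet'.
    """
    dsts = {"hq": "10.32.5.10", "asa": "172.30.4.20", "internet": "8.8.8.8"}
    configs = {
        "full_tunnel": build_routing_table(HQ_LOCAL_SUBNETS, True),
        "split_missing_asa": build_routing_table(HQ_LOCAL_SUBNETS, False),
        "split_with_asa": build_routing_table(HQ_LOCAL_SUBNETS + ASA_SUBNETS, False),
    }
    return {name: {k: next_hop(t, v) for k, v in dsts.items()}
            for name, t in configs.items()}


def site_to_site_vpn_payload(hub_id, local_subnet, use_default_route):
    """Assumed body for updating a spoke's site-to-site VPN settings via the
    Dashboard API (verify field names against current documentation)."""
    return {
        "mode": "spoke",
        "hubs": [{"hubId": hub_id, "useDefaultRoute": use_default_route}],
        "subnets": [{"localSubnet": local_subnet, "useVpn": True}],
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
    print(site_to_site_vpn_payload("N_hub_placeholder", "10.32.18.0/24", False))
```

The `split_missing_asa` result reproduces the symptom in the post: with the default route unticked, 172.30.x.x falls through to the local WAN because nothing more specific is advertised to the spoke, while `split_with_asa` shows internet traffic breaking out locally and the ASA-side range still taking the tunnel once the hub advertises it.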