Split tunneling problems with content networking - MX options

MerakiMed
Getting noticed

I have found more businesses using content delivery networks sharing IP address space with each other. Let's say business partner ACME is using public IP address 23.5.5.4 and wants to see our traffic coming from a specific source address. In the past that's been easy. I add 23.5.5.4 to the local networks defined in VPN settings. The traffic would come back to our data center and take on the source IP that ACME is expecting to see.
But now suppose another company DOPLER is using Akamai to deliver content and the addresses are all over the place in the 23.5.0.0/16 network - at times including the 23.5.5.4 address. In the case of a Palo Alto Networks firewall terminating GlobalProtect, I could use DNS resolution to define the split tunnel, overriding the IP definition. So in this case I could say exclude any *.dopler.com from the split tunnel. But I don't have this option with the Meraki.

Has anyone else run into this issue of overlapping address space causing problems for your split tunneling? Thank you.

PhilipDAth
Kind of a big deal

If you are using AnyConnect in split tunnel mode, you can specify FQDNs to exclude from the split tunnel.
If you are referring to using the Microsoft Client VPN, then you can do this using PowerShell:

https://www.ifm.net.nz/cookbooks/meraki-client-vpn.html 

(check out the code it produces for exclusions for things like Office 365).
If you are referring to AutoVPN, then you need an "SD-WAN" Plus licence:

https://documentation.meraki.com/MX/Site-to-site_VPN/VPN_Full-Tunnel_Exclusion_(Application_and_IP%2... 
If somewhere else - you'll need to give us more of a hint.  The question is a bit vague.  🙂
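As an added illustration of the Windows client VPN approach mentioned above (example code written for this thread, not the cookbook's generated script), the following PowerShell builds a split-tunnel L2TP/IPsec connection and pins /32 include routes for partner hostnames by resolving them at run time, replacing routes left by the previous run. The connection name, server, PSK, FQDN and state-file path are placeholders; the cmdlets (Add-VpnConnection, Add-VpnConnectionRoute, Remove-VpnConnectionRoute, Resolve-DnsName) are the standard Windows VpnClient and DnsClient cmdlets.

```powershell
# Added example: split-tunnel client VPN on Windows with DNS-resolved /32 include routes.
# All names, addresses and the PSK below are placeholders, not values from the thread.
$ConnectionName = 'Corp-MX'                        # assumed connection name
$VpnServer      = 'vpn.example.invalid'            # assumed MX public hostname
$Psk            = 'REPLACE_WITH_PSK'               # placeholder pre-shared key
$PinnedHosts    = @('partner-api.acme.invalid')    # partner FQDNs that must enter the tunnel
$StateFile      = Join-Path $env:LOCALAPPDATA 'vpn-pinned-routes.json'  # remembers last run

# 1. Create the connection once, in split-tunnel mode (Meraki client VPN is L2TP/IPsec + PSK).
if (-not (Get-VpnConnection -Name $ConnectionName -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $ConnectionName -ServerAddress $VpnServer `
        -TunnelType L2tp -L2tpPsk $Psk -AuthenticationMethod Pap `
        -EncryptionLevel Optional -SplitTunneling -RememberCredential -Force
}

# 2. Resolve each pinned FQDN to its current A records, expressed as /32 prefixes.
$wanted = foreach ($fqdn in $PinnedHosts) {
    Resolve-DnsName -Name $fqdn -Type A -ErrorAction Stop |
        Where-Object { $_.Type -eq 'A' } |
        ForEach-Object { "$($_.IPAddress)/32" }
}
$wanted = @($wanted | Sort-Object -Unique)

# 3. Load the prefixes added by the previous run so stale CDN addresses can be dropped.
$previous = @()
if (Test-Path $StateFile) {
    $previous = @(Get-Content $StateFile -Raw | ConvertFrom-Json)
}

# 4. Reconcile: remove routes no longer resolved, add routes that are new.
foreach ($prefix in $previous) {
    if ($wanted -notcontains $prefix) {
        Remove-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $prefix
    }
}
foreach ($prefix in $wanted) {
    if ($previous -notcontains $prefix) {
        Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $prefix
    }
}

# 5. Persist the current set for the next run (schedule the script to refresh it).
$wanted | ConvertTo-Json | Set-Content -Path $StateFile
Write-Host "Tunnel includes: $($wanted -join ', ')"
```

Note that an include route is still keyed on the IP, so if DOPLER's Akamai content lands on the same 23.5.5.4 that ACME uses, that traffic also enters the tunnel; re-resolving keeps the include set to narrow /32s but does not give hostname-based exclusion.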
