I have an ASA 5505 connecting to an ASA 5520 as an ezvpn client in network extension mode. The tunnel comes up and functions as it should. The problem I'm having is I want the users on the remote asa 5505 to get to one IP address that is not sent over the tunnel. I have configured a split tunnel policy with 2 entries. The first entry denies access to the one internet host and the second entry allows any access. For some reason, the clients still try to send the traffic for the one address over the tunnel. Hopefully someone can help me out with this.
I have this problem too.