I have configured split tunnel on an ASA5510 so that only the traffic that is destined for the other end of the IPSec tunnel goes through the tunnel and the rest does not. Something like this:
access-list split extended permit ip 10.10.10.0 255.255.255.0 10.10.11.0 255.255.255.0
group-policy <policy> attributes
split-tunnel-network-list value split
Now I want to make sure that traffic to one specific host also goes through the tunnel - i.e. traffic from 10.10.11.0 VPN clients to 184.108.40.206. Is it sufficient to add:
access-list split extended permit ip host 220.127.116.11 10.10.11.0 255.255.255.0
Or is there something else? Also, how about NAT, given that 18.104.22.168 is outside of the local network? Any suggestions?