Solved: site to site split tunnel vpn

tolinrome tolinrome · ‎06-03-2014

I have an ipsec site to site tunnel. I need to have only a certain subnet to be tunneled while everything else will go straight out to the internet, using cloud web security web filtering. How can I accomplish this split tunnel? Thanks.

Marvin Rhoads · ‎06-03-2014

Telling us what platform and software version would allow me to give a more precise answer.

That aside, on an ASA site-site VPNs define "interesting traffic" that which should be passed via the VPN in an access-list (ACL). The ACL is referred to in a crypto map which ties together that acl and the peer firewall address.

We typically also exempt that traffic from NAT so as to allow it to retain its native internal addressing.

All other traffic will then go out via the default route according to the policies (other ACLs, CWS etc) you have configured.

View solution in original post

Marvin Rhoads · ‎06-03-2014

Telling us what platform and software version would allow me to give a more precise answer.

That aside, on an ASA site-site VPNs define "interesting traffic" that which should be passed via the VPN in an access-list (ACL). The ACL is referred to in a crypto map which ties together that acl and the peer firewall address.

We typically also exempt that traffic from NAT so as to allow it to retain its native internal addressing.

All other traffic will then go out via the default route according to the policies (other ACLs, CWS etc) you have configured.