Cisco Support Community

site to site split tunnel vpn

I have an IPsec site-to-site tunnel. I need to have only a certain subnet tunneled while everything else goes straight out to the internet, using Cloud Web Security web filtering. How can I accomplish this split tunnel? Thanks.

Accepted Solutions
Telling us what platform and software version would allow me to give a more precise answer.

That aside, on an ASA, site-to-site VPNs define "interesting traffic" (that which should be passed via the VPN) in an access-list (ACL). The ACL is referred to in a crypto map, which ties together that ACL and the peer firewall address.

We typically also exempt that traffic from NAT so as to allow it to retain its native internal addressing.

All other traffic will then go out via the default route according to the policies (other ACLs, CWS etc) you have configured.
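The three pieces described in the answer above (crypto ACL, NAT exemption, crypto map), sketched as an added example that is not part of the original reply. It assumes ASA 8.3 or later syntax and an existing IKE policy and tunnel-group for the peer; every address, object name, ACL name and map name below is a constructed placeholder.

```cisco
! Constructed sample values (not from the thread):
!   local subnet to tunnel : 10.1.1.0/24
!   remote subnet          : 10.2.2.0/24
!   peer firewall          : 203.0.113.2
!   interfaces             : inside, outside

object network LOCAL-VPN-NET
 subnet 10.1.1.0 255.255.255.0
object network REMOTE-VPN-NET
 subnet 10.2.2.0 255.255.255.0

! 1. Crypto ACL: only this source/destination pair is "interesting traffic".
!    Keep it specific (no "any") so nothing else is pulled into the tunnel,
!    and configure the mirror image of it on the peer.
access-list VPN-INTERESTING extended permit ip object LOCAL-VPN-NET object REMOTE-VPN-NET

! 2. NAT exemption (identity NAT) so the tunneled traffic keeps its
!    internal addressing instead of being translated on the way out.
nat (inside,outside) source static LOCAL-VPN-NET LOCAL-VPN-NET destination static REMOTE-VPN-NET REMOTE-VPN-NET no-proxy-arp route-lookup

! 3. Crypto map: ties the ACL to the peer address and is applied on the
!    outside interface. The transform-set name is a placeholder for the
!    one the existing tunnel already uses.
crypto map OUTSIDE-MAP 10 match address VPN-INTERESTING
crypto map OUTSIDE-MAP 10 set peer 203.0.113.2
crypto map OUTSIDE-MAP 10 set ikev1 transform-set EXISTING-TSET
crypto map OUTSIDE-MAP interface outside

! Checks: the first flow should show an encrypt step in the VPN phase,
! the second should leave via the default route with normal NAT/policy.
! packet-tracer input inside tcp 10.1.1.10 12345 10.2.2.10 443
! packet-tracer input inside tcp 10.1.1.10 12345 198.51.100.10 443
! show crypto ipsec sa peer 203.0.113.2
```

Traffic that does not match `VPN-INTERESTING` is never encrypted, so it follows the default route and whatever outbound policy (other ACLs, CWS) is configured, which is not shown here.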
