06-03-2014 01:27 PM - edited 03-11-2019 09:17 PM
I have an IPsec site-to-site tunnel. I need only a certain subnet to be tunneled, while everything else goes straight out to the internet, using Cloud Web Security web filtering. How can I accomplish this split tunnel? Thanks.
06-03-2014 03:59 PM
Telling us what platform and software version would allow me to give a more precise answer.
That aside, on an ASA, site-to-site VPNs define "interesting traffic" (that which should be passed via the VPN) in an access-list (ACL). The ACL is referred to in a crypto map, which ties together that ACL and the peer firewall address.
We typically also exempt that traffic from NAT so as to allow it to retain its native internal addressing.
All other traffic will then go out via the default route according to the policies (other ACLs, CWS, etc.) you have configured.
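The pieces described in the answer above, as an added example that is not part of the original reply: a crypto ACL, a NAT exemption and a crypto map for one tunneled subnet. It assumes ASA 8.4 or later syntax with IKEv1; the object names, interface names (inside, outside) and all addresses are constructed placeholders, and the IKE policy and the tunnel-group for the peer are assumed to exist already.

```cisco
! Constructed sample addressing (placeholders, not from the thread)
object network LOCAL-TUNNELED
 subnet 10.1.1.0 255.255.255.0
object network REMOTE-LAN
 subnet 10.2.2.0 255.255.255.0

! "Interesting traffic": only this source/destination pair is encrypted.
! Keep it as narrow as the requirement; a broad permit here pulls
! internet-bound traffic into the tunnel instead of the default route.
access-list VPN-INTERESTING extended permit ip object LOCAL-TUNNELED object REMOTE-LAN

! NAT exemption (identity NAT) so tunneled traffic keeps its internal addressing.
nat (inside,outside) source static LOCAL-TUNNELED LOCAL-TUNNELED destination static REMOTE-LAN REMOTE-LAN no-proxy-arp route-lookup

! Crypto map ties the ACL to the peer firewall address.
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
crypto map OUTSIDE-MAP 10 match address VPN-INTERESTING
crypto map OUTSIDE-MAP 10 set peer 203.0.113.2
crypto map OUTSIDE-MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE-MAP interface outside

! Everything that does not match VPN-INTERESTING follows the default route
! and whatever outbound policy (other ACLs, CWS) is applied there.
route outside 0.0.0.0 0.0.0.0 198.51.100.1

! Checks: the first flow should hit the VPN encrypt phase, the second should not.
! packet-tracer input inside tcp 10.1.1.10 12345 10.2.2.10 443
! packet-tracer input inside tcp 10.1.1.10 12345 192.0.2.50 443
! show crypto ipsec sa peer 203.0.113.2
```

The peer must carry the mirror-image ACL (its local subnet to 10.1.1.0/24); mismatched crypto ACLs are a common reason the tunnel fails to come up or passes traffic in only one direction.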