Firewalling a Cisco ASA Split tunnel
Posted
by
dunxd
on Server Fault
See other posts from Server Fault
or by dunxd
Published on 2011-01-14T10:48:29Z
Indexed on
2011/01/14
10:55 UTC
Read the original article
Hit count: 301
I have a Cisco ASA 5510 at head office, and Cisco ASA 5505 in remote offices.
The remote offices are connected over a split tunnelled VPN - the ASA 5505s use "Easy VPN" Client type VPN in Network Extension Mode (NEM). I'd like to set firewall rules for the non-tunnelled traffic only. Traffic over the VPN to head office should not have any firewall rules applied.
I might want to apply different firewall rules to different remote offices.
All the documentation I have been able to find assumes the Client VPN is a software endpoint, and all the configuration is done at the 5510.
When using a Cisco 5505 as the VPN client, is it possible to configure any firewalling at the Client end, or does it all have to come from the 5510? Are there any other issues to look out for when split-tunnelling a VPN by this method?
© Server Fault or respective owner