Firewalling a Cisco ASA Split tunnel

Posted by dunxd on Server Fault See other posts from Server Fault or by dunxd
Published on 2011-01-14T10:48:29Z Indexed on 2011/01/14 10:55 UTC
Read the original article Hit count: 302

Filed under:
|
|
|

I have a Cisco ASA 5510 at head office, and Cisco ASA 5505 in remote offices.

The remote offices are connected over a split tunnelled VPN - the ASA 5505s use "Easy VPN" Client type VPN in Network Extension Mode (NEM). I'd like to set firewall rules for the non-tunnelled traffic only. Traffic over the VPN to head office should not have any firewall rules applied.

I might want to apply different firewall rules to different remote offices.

All the documentation I have been able to find assumes the Client VPN is a software endpoint, and all the configuration is done at the 5510.

When using a Cisco 5505 as the VPN client, is it possible to configure any firewalling at the Client end, or does it all have to come from the 5510? Are there any other issues to look out for when split-tunnelling a VPN by this method?

© Server Fault or respective owner

Related posts about firewall

Related posts about ipsec