Firewalling a Cisco ASA Split tunnel
- by dunxd
I have a Cisco ASA 5510 at head office, and Cisco ASA 5505 in remote offices.
The remote offices are connected over a split-tunnelled VPN - the ASA 5505s use "Easy VPN" client-type VPN in Network Extension Mode (NEM). I'd like to set firewall rules for the non-tunnelled traffic only. Traffic over the VPN to head office should not have any firewall rules applied.
I might want to apply different firewall rules to different remote offices.
All the documentation I have been able to find assumes the Client VPN is a software endpoint, and all the configuration is done at the 5510.
When using a Cisco 5505 as the VPN client, is it possible to configure any firewalling at the Client end, or does it all have to come from the 5510? Are there any other issues to look out for when split-tunnelling a VPN by this method?