
Exclude IPs from VPN Tunnel

Hi,

I have set up a VPN from my office to a remote office as below to allow certain subnets to access certain remote networks.

However, there is a certain subnet from my office (10.198.22.0/24) that needs to access IP address 10.133.120.30, which is going over the tunnel, but I don't want it to go over the tunnel.

How can I do this?

Do I create another rule via the ASA5520 GUI to say no protect to make it not go via the tunnel?

Marco               


Jennifer Halim
Cisco Employee

On the NAT exemption access-list/rule just configure a "deny" statement for that particular IP address:

access-list <nat-exemption-acl-name> extended deny ip 10.198.22.0 255.255.255.0 host 10.133.120.30

The above ACL needs to be on top of the "permit" statement.
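
Why the ordering in the reply above matters, as an added example that is not part of the original thread: ASA access-lists are evaluated top to bottom and the first matching entry wins, so a more specific "deny" placed below a broader "permit" is never reached. The sketch parses a small subset of the extended ACL syntax, evaluates first match, and flags shadowed entries. The ACL name NONAT, the 10.133.120.0/24 permit entry and the test source 10.198.22.15 are assumptions made up for illustration; only the deny entry's addresses come from the thread.

```python
import ipaddress

# Constructed ACL for illustration. "NONAT" and the 10.133.120.0/24 permit are
# assumptions; only the deny entry's addresses come from the thread.
DENY = "access-list NONAT extended deny ip 10.198.22.0 255.255.255.0 host 10.133.120.30"
PERMIT = "access-list NONAT extended permit ip 10.198.22.0 255.255.255.0 10.133.120.0 255.255.255.0"

def _net(tokens):
    """Consume one address spec ('host A', 'any', or 'A MASK') from tokens."""
    first = tokens.pop(0)
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse(line):
    """Parse 'access-list NAME extended ACTION ip SRC DST' into (action, src, dst)."""
    t = line.split()
    if t[0] != "access-list" or t[2] != "extended" or t[4] != "ip":
        raise ValueError(f"unsupported entry: {line}")
    rest = t[5:]
    return t[3], _net(rest), _net(rest)

def first_match(acl, src, dst):
    """Return the action of the first entry matching src -> dst, top to bottom."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, snet, dnet in map(parse, acl):
        if s in snet and d in dnet:
            return action
    return "deny"  # implicit deny at the end of every ACL

def shadowed(acl):
    """Return entries that can never match because an earlier entry covers them."""
    seen, dead = [], []
    for line in acl:
        _, snet, dnet = parse(line)
        if any(snet.subnet_of(s) and dnet.subnet_of(d) for s, d in seen):
            dead.append(line)
        seen.append((snet, dnet))
    return dead

if __name__ == "__main__":
    for name, acl in (("deny on top", [DENY, PERMIT]), ("deny below", [PERMIT, DENY])):
        print(name, first_match(acl, "10.198.22.15", "10.133.120.30"), shadowed(acl))
```

Running shadowed() over an exported ACL before and after a change is a quick way to confirm the new entry is actually reachable.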