Exclude IPs from VPN Tunnel

Hi

I have set up a VPN from my office to a remote office as below to allow certain subnets to access certain remote networks.

However, there is a certain subnet from my office (10.198.22.0/24) that needs to access IP address 10.133.120.30, which is going over the tunnel, but I don't want it to go over the tunnel.

How can I do this?

Do I create another rule via the ASA 5520 GUI to say no protect to make it not go via the tunnel?

Marco

Jennifer Halim
Cisco Employee

On the NAT exemption access-list/rule just configure a "deny" statement for that particular IP address:

access-list <nat-exemption-acl-name> extended deny ip 10.198.22.0 255.255.255.0 host 10.133.120.30

The above ACL needs to be on top of the "permit" statement.
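
Why the entry order matters, as an added example that is not part of the original reply: ASA access-lists are evaluated top-down and the first matching entry wins, so this Python model evaluates the same traffic against both orderings and reports entries that an earlier line shadows. The permit entry's destination network (10.133.120.0/24) is an assumption, since the existing ACL is not shown on the page.

```python
import ipaddress

# Constructed entries as (action, source network, destination network).
# DENY mirrors the statement in the reply; PERMIT's destination is assumed.
DENY = ("deny", "10.198.22.0/24", "10.133.120.30/32")
PERMIT = ("permit", "10.198.22.0/24", "10.133.120.0/24")


def parse(rules):
    """Convert string networks into ipaddress network objects."""
    return [(action, ipaddress.ip_network(src), ipaddress.ip_network(dst))
            for action, src, dst in rules]


def evaluate(rules, src_ip, dst_ip):
    """Return (action, line number) of the first matching entry.

    Falls through to the implicit deny at the end of the list,
    reported with line number None.
    """
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for line, (action, src_net, dst_net) in enumerate(parse(rules), start=1):
        if src in src_net and dst in dst_net:
            return action, line
    return "deny", None


def shadowed_entries(rules):
    """Return (line, shadowing line) pairs for entries that can never match
    because an earlier entry already covers their whole source/destination."""
    parsed = parse(rules)
    result = []
    for i, (_, src_net, dst_net) in enumerate(parsed):
        for j in range(i):
            _, prev_src, prev_dst = parsed[j]
            if src_net.subnet_of(prev_src) and dst_net.subnet_of(prev_dst):
                result.append((i + 1, j + 1))
                break
    return result


if __name__ == "__main__":
    for name, acl in (("deny below permit", [PERMIT, DENY]),
                      ("deny on top", [DENY, PERMIT])):
        print(name, evaluate(acl, "10.198.22.15", "10.133.120.30"),
              "shadowed:", shadowed_entries(acl))
```

With the deny placed below the permit, the host-specific entry is never reached and the traffic is still matched by the broader permit.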
