Is it possible to configure remote access (IPSEC client) to force all traffic through the tunnel (no split tunnel) yet still limit the internal hosts that can be accessed?
I have been asked to provide remote access (via ASA5510) with the following requirements:
- the client should have unrestricted internet access via the ASA (the source address will appear to be the outside interface of the ASA)
- the client should have access to only two internal hosts (192.168.10.10 and 192.168.44.10)
Configuring no split-tunnel using the ASDM wizard or using the example provided by Cisco (http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805734ae.shtml) results in remote access to all interior networks (0.0.0.0).
Is there a way to limit access to those two internal hosts, while still providing secured internet access? The only way I can see is to use an access list on another device (for example our core switch).
Any suggestions? Thanks in advance for any help.