03-29-2015 06:16 AM
I'm configuring RA IPSEC VPN on ASA and I would like to figure out whether it is possible to use extended ACLs as part of split tunneling?
Thank you!
03-29-2015 08:14 AM
Yes, you can use an extended ACL. Refer to this example: http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/70917-asa-split-tunnel-vpn-client.html
Regards,
Abaji.
03-29-2015 01:49 PM
Even if you use an extended ACL the ASA will "convert" the ACL (I use the convert statement very lightly) to a standard ACL. The source IP / subnet will be used for split tunneling and the destination will be ignored. So unless you configure the source IP with the destination network, the extended ACL will not work.
--
Please remember to select a correct answer and rate helpful posts
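The behaviour described in the reply above, as an added ASA configuration example that is not part of any post in this thread: a standard split-tunnel ACL beside an extended ACL with the protected network in the source position, and the extended form that fails because the network is only in the destination. The ACL names, the group-policy name RA_POLICY and the 10.10.0.0/16 network are constructed for illustration.

```cisco
! Constructed example: 10.10.0.0/16 stands in for the protected network
! that remote-access clients should reach through the tunnel.

! Standard ACL: the single address field is the tunneled network.
access-list SPLIT_STD standard permit 10.10.0.0 255.255.0.0

! Extended ACL with the protected network in the SOURCE position.
! Per the reply above, only the source field is used for split tunneling,
! so this yields the same tunneled network as SPLIT_STD.
access-list SPLIT_EXT extended permit ip 10.10.0.0 255.255.0.0 any

! Extended ACL written "client to server": source any, network as destination.
! Per the reply above the destination is ignored, so this does NOT select
! 10.10.0.0/16 as the split-tunnel network.
access-list SPLIT_EXT_WRONG extended permit ip any 10.10.0.0 255.255.0.0

! Hypothetical group policy that applies the split-tunnel list to clients.
group-policy RA_POLICY internal
group-policy RA_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_STD
```

After a client connects, compare the secured routes shown in the VPN client with the intended network list to confirm that only the expected prefixes are tunneled.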
03-29-2015 10:29 AM
The first question that comes to my mind is: Why do you want to do that? Split-tunneling is used for routing-decisions on the client. And on the ASA, that's what standard ACLs are used for. Although you can use an extended ACL for split-tunneling, using a standard ACL is the "native" ASA-way to handle that.
08-16-2022 11:30 PM
Hi Karsten Iwen,
When you want to use FQDNs for your split tunnel ACL, it can't be done using a standard ACL, only an extended one. That's a use case.