Solved: Please confirm: ASA Anyconnect split-tunnel access list extended...

jmaxwellUSAF · ‎01-06-2023

"access-list Split-Tunnel extended permit ip host 1.1.1.1 object VPN-Pool"...

My understanding is that it is best practice to make the ASA split-tunnel access list a STANDARD access list, because the destination element in this EXTENDED version of the access list is never queried (it is irrelevant). If this is true, then when troubleshooting I will always ignore the data in the destination element.

Is the destination element in this EXTENDED version of the access list never queried (it is irrelevant)? Please don't confirm if you are not certain. Please also reply with any related relevant thoughts.

Thank you!

Rob Ingram · ‎01-06-2023

@jmaxwellUSAF from the cisco docs - https://www.cisco.com/c/en/us/td/docs/security/asa/asa914/asdm714/vpn/asdm-714-vpn-config/vpn-asdm-setup.html?bookSearch=true#ID-2188-00000218

View solution in original post

Rob Ingram · ‎01-06-2023

@jmaxwellUSAF from the cisco docs - https://www.cisco.com/c/en/us/td/docs/security/asa/asa914/asdm714/vpn/asdm-714-vpn-config/vpn-asdm-setup.html?bookSearch=true#ID-2188-00000218