1

Is it possible to do split tunnelling with a site to site VPN connection using Cisco ASAs?

We have a Cisco ASA 5510 at head office, and Cisco 5505 in our branch office, currently connected via a Site-To-Site VPN. I'd like to give direct access to the internet for hosts in the branch office. Is it possible? I know it can be done for Remote Access VPN connections (Easy VPN), but can't find any documentation on Site-To-Site, so wondering if it is missing, or isn't there because it can't be done.

dunxd

1 Answer

2

Your standard site-to-site IPSec tunnel is only going to match "interesting" traffic: that is, your destination and source IP address matches the encrypt ACL setup.

Unless you set something up like 0.0.0.0 in your encrypt ACL (or are using a proxy at head office), it should already be split-tunneled.

EDIT

You should be able to do a traceroute to Google, etc. to verify that your packets are leaving your 5505.

gravyface
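The check the answer describes can be run against a saved configuration. The following is an added example, not part of the original answer: it finds the ACLs bound to crypto maps and reports whether any entry has an `any` / `0.0.0.0 0.0.0.0` destination, which would pull all branch traffic into the tunnel. The ACL name, crypto map name and addresses are constructed; only `extended permit ip` entries are handled and object references are not resolved.

```python
import re

# Constructed sample configs (hypothetical names and addresses, not from the post).
SPLIT_CFG = """\
access-list BRANCH_TO_HQ extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address BRANCH_TO_HQ
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10
"""
FULL_CFG = """\
access-list BRANCH_TO_HQ extended permit ip 192.168.2.0 255.255.255.0 any
crypto map OUTSIDE_MAP 10 match address BRANCH_TO_HQ
crypto map OUTSIDE_MAP 10 set peer 203.0.113.10
"""


def take_addr(tokens):
    """Consume one ACL address spec and return (spec, remaining tokens)."""
    if tokens[0] in ("any", "any4"):
        return "any", tokens[1:]
    # "host X", "object X", "object-group X" or "network mask": two tokens each
    spec = " ".join(tokens[:2])
    return ("any" if spec == "0.0.0.0 0.0.0.0" else spec), tokens[2:]


def audit_crypto_acls(config):
    """Return {acl_name: 'full-tunnel' | 'split'} for ACLs bound to crypto maps."""
    bound = set(re.findall(r"^crypto map \S+ \d+ match address (\S+)", config, re.M))
    result = {name: "split" for name in bound}
    for line in config.splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list" or t[1] not in bound:
            continue  # not an entry of a crypto (encrypt) ACL
        if t[2:5] != ["extended", "permit", "ip"]:
            continue  # deny lines and other protocols are out of scope here
        _src, rest = take_addr(t[5:])
        if not rest:
            continue  # malformed entry: no destination present
        dst, _ = take_addr(rest)
        if dst == "any":
            # every destination is "interesting", so internet traffic is tunneled
            result[t[1]] = "full-tunnel"
    return result


if __name__ == "__main__":
    for label, cfg in (("split sample", SPLIT_CFG), ("full sample", FULL_CFG)):
        print(label, audit_crypto_acls(cfg))
```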