VPN

Hi

If I tie an access list of permit IP any any into a site-to-site VPN, will that start encrypting all Internet-bound traffic and firing it all over the VPN? I have a site and I need all their traffic to be sent over the VPN to our London office and then sent out to the Internet. I know I can put an access list in that says IP ANY ANY and this would be fine on the remote site end, but the ACL has to match on the London site. I obviously don't want all traffic being caught by the crypto map in London and fired to the remote site.

I have had this working with a Cisco 5505 ASA in the remote office but that's with the EASY VPN feature and NO split tunneling. I need this to work with a Cisco 5510 in the remote site.
Technical Consultant
Distinguished Expert 2019
Commented:
>>If I tie an access list of permit IP any any into a site to site VPN,

Only if that access list is declared in a crypto map, like

crypto map outside_map 1 match address acl_name

>> with the EASY VPN f

I think that if you use EASY VPN you cannot have a site-to-site IPSEC VPN to another site, though I may be wrong.

Author

Commented:
The end result of an EASY VPN in network extension mode is pretty much the same as a site-to-site. The only difference is the 5505 is acting as a VPN client rather than an endpoint.

So it's not possible to tie that access list into a crypto map without taking down Internet access?
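
Added example (not part of any post in this thread): an ASA configuration sketch of a mirrored crypto ACL pair that sends all remote-site traffic through the tunnel without matching London's own Internet traffic. The subnet, peer addresses and ACL names are constructed assumptions; `outside_map` is the crypto map name used above, and only the lines that decide what gets encrypted are shown (transform set, tunnel-group and interface binding are omitted).

```cisco
! Constructed addressing (assumptions, not from the thread):
!   remote site LAN          192.168.50.0/24
!   remote ASA outside addr  198.51.100.2
!   London ASA outside addr  203.0.113.1
!
! --- Remote site ASA 5510 ---
! Source = remote LAN, destination = any: everything leaving the
! site is selected for encryption and sent to London.
access-list TO_LONDON extended permit ip 192.168.50.0 255.255.255.0 any
crypto map outside_map 1 match address TO_LONDON
crypto map outside_map 1 set peer 203.0.113.1
! The remote LAN must be exempt from NAT on this ASA, otherwise the
! translated source no longer matches TO_LONDON.
!
! --- London ASA ---
! Exact mirror of TO_LONDON: any -> remote LAN. Only packets destined
! for 192.168.50.0/24 match, so London's own Internet-bound traffic
! is not caught by the crypto map. "permit ip any any" here would
! select all London traffic for the tunnel.
access-list TO_REMOTE extended permit ip any 192.168.50.0 255.255.255.0
crypto map outside_map 1 match address TO_REMOTE
crypto map outside_map 1 set peer 198.51.100.2
!
! Remote-site Internet traffic arrives on the outside interface
! (decrypted) and leaves on the same interface, so hairpinning
! must be allowed.
same-security-traffic permit intra-interface
! London also needs a NAT/PAT rule for 192.168.50.0/24 on the outside
! interface; the syntax depends on the ASA software version and is
! left out here.
```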