


If I tie an access list of permit IP any any into a site to site VPN, will that start encrypting all Internet bound traffic and firing it all over the VPN? I have a site and I need all their traffic to be sent over the VPN to our London office and then get sent out to the Internet. I know I can put an access list in that says IP ANY ANY and this would be fine on the remote site end, but the ACL has to match on the London site. I obviously don't want all traffic being caught by the crypto map in London and getting fired to the remote site.

I have had this working with a Cisco 5505 ASA in the remote office but that's with the EASY VPN feature and NO split tunneling. I need this to work with a Cisco 5510 in the remote site.

Technical Consultant
Distinguished Expert 2019
>>If I tie an access list of permit IP any any into a site to site VPN,

Only if that access-list is declared in a crypto map like

crypto map outside_map 1 match address acl_name

>> with the EASY VPN f

I think that if you use EASY VPN you cannot have a site to site IPSEC VPN to another site, though I may be wrong.


The end result of an EASY VPN in network extension mode is pretty much the same as a site to site. The only difference is the 5505 is acting as a VPN client rather than an endpoint.

So it's not possible to tie that access list into a crypto map without taking down Internet access?