Security – Split tunnelling for Site to Site VPN on Cisco ASA

cisco-asa networking Security split-tunnel vpn

Is it possible to do split tunnelling with a site to site VPN connection using Cisco ASAs?

We have a Cisco ASA 5510 at head office, and Cisco 5505 in our branch office, currently connected via a Site-To-Site VPN. I'd like to give direct access to the internet for hosts in the branch office. Is it possible? I know it can be done for Remote Access VPN connections (Easy VPN), but can't find any documentation on Site-To-Site, so wondering if it is missing, or isn't there because it can't be done.

Best Answer

Your standard site-to-site IPSec tunnel is only going to match "interesting" traffic: that is, your destination and source IP addresses match the encrypt ACL setup.

Unless you set something up like 0.0.0.0 in your encrypt ACL (or are using a proxy at head office), it should already be split-tunneled.

EDIT

You should be able to do a traceroute to Google, etc. to verify that your packets are leaving your 5505.
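
An added example, not part of the original question or answer: a small Python audit helper that parses ASA crypto ACL lines and reports whether a given flow would be encrypted into the tunnel or leave the branch directly, and whether the ACL amounts to a full tunnel. The ACL name, subnets and sample flows are constructed assumptions; only `extended permit ip` entries are handled, and `deny` entries are ignored.

```python
import ipaddress

# Constructed sample crypto ACLs for a branch ASA (name and subnets are assumptions).
SPLIT_ACL = ("access-list BRANCH_CRYPTO extended permit ip "
             "192.168.20.0 255.255.255.0 10.1.0.0 255.255.0.0")
FULL_ACL = ("access-list BRANCH_CRYPTO extended permit ip "
            "192.168.20.0 255.255.255.0 any")


def _take_net(tokens):
    """Consume one address spec (any | host A | A MASK) from the token list."""
    head = tokens.pop(0)
    if head in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # ASA ACLs use subnet masks, which ip_network accepts after the slash.
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}", strict=False)


def parse_crypto_acl(config):
    """Return [(src_net, dst_net)] for each 'extended permit ip' entry."""
    entries = []
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:1] != ["access-list"] or tokens[2:5] != ["extended", "permit", "ip"]:
            continue
        rest = tokens[5:]
        entries.append((_take_net(rest), _take_net(rest)))
    return entries


def is_tunneled(entries, src, dst):
    """True if the flow is 'interesting' traffic, i.e. matches a crypto ACL entry."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in sn and d in dn for sn, dn in entries)


def is_full_tunnel(entries):
    """True if any entry's destination is 0.0.0.0/0 (all traffic goes to head office)."""
    return any(dn.prefixlen == 0 for _, dn in entries)
```
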