Hi Deepak I think you will find that neither of these will work for you.
The ACL matches/encrypst traffic from the view of the client, so in your case it will be traffic travelling from the 192.168.10/24 to 10.10.10.0/24networks that needs to be encrypted. Your ACL will need to match traffic for this flow. The split tunnel ACL really just creates routes based on the destination network pointing into the tunnel though, so matching the source network in your ACL is not required and actually is less scalable as an ACL will need to be created for each different IP Pool/VPN Group if you do it that way. In your case the best ACL to use would be something like this access-list 10 permit ip 10.10.10.0 0.0.0.255 Thanks Ben
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
