Yep, both standard ACL and extended ACL can be used to define split tunnelling. If you are on the ASA, make sure you use the "standard" keyword after the name. And being more specific has always been better for the device performance.

Eugene

From: [email protected] [mailto:[email protected]] On Behalf Of Fawad Khan
Sent: Wednesday, June 06, 2012 9:39 AM
To: Deepak N
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] Split tunnel acl

Both should work; option 1 is better.

On Wednesday, June 6, 2012, Deepak N wrote:

Hi all,

Suppose my IP pool is 192.168.1.0/24 and I want to tunnel to only 10.10.10.0/24, should I configure my split ACL like

1) access-list 101 permit ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255

OR

2) access-list 101 permit ip 10.10.10.0 0.0.0.255 any

Regards,
Deepak

--
FNK
