Could someone explain in their own words the split-tunnel and client firewall being used in tandem? I'm referencing the Cisco ASA All-in-One guide and it shows a split tunnel as being a standard ACL to push access routes to the client. It then describes Central Protection Policy as a way to push firewall policies in the form of extended ACLs.
I was wondering why you would need CPP when you could just send the split-tunnel ACLs with L4 information, or do split-tunnel ACLs have to be standard? Also, I'm not quite understanding the direction for filtering traffic with CPP: are you trying to filter traffic from the outside network to the inside corporate through the client or are you trying to filter traffic from the client to particular devices in the corporate network?