Proxy ACLs for the VPNs in IOS I tried using objects

I am trying to apply what I do in the ASA to the IOS.

When I build my ASA Proxy ACL for the VPNs I use objects.

So when I build my Proxy ACLs for the VPNs in IOS I tried using objects.

However, I was finding the “interesting traffic” would never fire up the VPN unless I used IP addresses.


Is this meant to be like this?

So do not use objects on IOS?



ip access-list extended ACL-IPSEC-IKEV1-L2L-R2-TO-A1
 permit object-group IP object-group X2-L102-NAT object-group X1-L101-NAT
 permit ip host 172.20.2.102 host 172.20.1.101

R2#sh object-group name IP
Service object group IP
 ip

R2#sh object-group name X2-L102-NAT
Network object group X2-L102-NAT
 host 172.20.2.102

R2#sh object-group name X1-L101-NAT
Network object group X1-L101-NAT
 host 172.20.1.101
