Proxy ACLs for the VPNs in IOS I tried using objects
I am trying to apply what I do in the ASA to the IOS.
When I build my ASA Proxy ACL for the VPNs I use objects.
So when I built my Proxy ACLs for the VPNs in IOS, I tried using objects.
However, I was finding the “interesting traffic” would never fire up the VPN unless I used IP addresses.
Is this meant to be like this?
So do not use objects on IOS?

ip access-list extended ACL-IPSEC-IKEV1-L2L-R2-TO-A1
 permit object-group IP object-group X2-L102-NAT object-group X1-L101-NAT
 permit ip host 172.20.2.102 host 172.20.1.101

R2#sh object-group name IP
Service object group IP

R2#sh object-group name X2-L102-NAT
Network object group X2-L102-NAT

R2#sh object-group name X1-L101-NAT
Network object group X1-L101-NAT