At the moment I have some vpn-filters applied to remote access VPN groups defined and everything works as expected (sysopt connection permit-vpn is enabled).
Now I need to set up a few L2L tunnels and I want to restrict traffic beyond the crypto-acl level. I think I have 2 options here:
1. Disable sysopt connection permit-vpn and define ACEs on the outside ACL for all my RA and L2L tunnels (not preferred by me)
2. Simply use vpn-filter for L2L tunnels too
Is option 2 possible? As far as my IPSec experience goes I think that this is a remote-access VPN option only, but the documentation is very vague about that.
Thanks in advance!