Do I need to specify the source IP address & mask in my access-list that's referenced in the crypto map "match address" line or can I just say "any"?
If I want to send certain traffic to one tunnel and other traffic to a different tunnel based solely on the destination address, can my access lists look like:
access-list main_tunnel extended permit ip any 192.168.1.0 255.255.255.0
access-list other_tunnel extended permit ip any 192.168.2.0 255.255.255.0
(and then, obviously, reference the appropriate access list in two different "crypto map" configs).
I'm just wondering because all the examples & templates that I've seen specify both the source & destination IPs but since all my sites just have one subnet on the LAN, I might as well just say "any", right?
Any downside to this?