I've got a site-to-site IPsec VPN tunnel working just fine between a couple of routers.
Aside from the "interesting traffic" access-list, is there any way for a 2nd access list to be applied to traffic *AFTER* it goes through the tunnel?
Or is the only proper way to restrict tunnel traffic via the "interesting access-list"?
(I only have control of one side of the tunnel, so obviously I can modify MY "interesting traffic" access list, but that only applies to outgoing traffic... I'd like to further restrict traffic incoming to my router on the tunnel without going through the bureaucracy of getting changes on the remote site's router.)