I've been using this doc to configure filtering rules between two sites.
For the life of me, I cannot get the rules to 'stick'. Once I have built the ACL, then the group policy, and then applied it to the tunnel-group attributes, it should just work ... no? See the configuration of my ASA5505 attached. This is the destination - I want to limit source traffic. What am I doing wrong? After doing all of this, I've tested it several times and traffic that is not being implicitly allowed, is still getting through.
I went through this exact that 2 weeks ago. Just bounce the tunnel and your rules will go into effect. What I don't understand is why in any other case when you change an ACL it's immediate and in this case the tunnel needs to be re-init'd. It's weird. Good luck to you!