We own a /16 and will be extending a portion of it (/23) across a site-to-site tunnel. What's the best way to define the crypto ACL? The spoke site will be sending all traffic across the tunnel, but the core will only be sending the /23. On the Core, I was thinking of specifying 0.0.0.0/0 or 'any' as the source and the /23 as the destination, but I've never configured it that way before and I'm not sure if it will work. Does anyone have any suggestions?
permit ip 0.0.0.0 0.0.0.0 220.127.116.11 255.255.254.0
permit ip 18.104.22.168 255.255.254.0 0.0.0.0 0.0.0.0
A buddy of mine also suggested configuring it as a standard /16 to /23, but will that work if the /16 already encompasses the /23 & it overlaps?
Thank you for any assistance!
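An added example, not part of the original post: crypto ACLs on the two peers are expected to be mirror images of each other, so this Python sketch derives the spoke entry that each core option from the question would require and checks which spoke flows it selects for the tunnel. The addresses (10.20.0.0/16 as the owned block, 10.20.4.0/23 as the extended range) and all function names are constructed for illustration.

```python
import ipaddress

def parse_entry(line):
    """Parse 'permit ip <src> <mask> <dst> <mask>' (netmask form, as posted)."""
    tok = line.split()
    if len(tok) != 6 or tok[:2] != ["permit", "ip"]:
        raise ValueError(f"unsupported entry: {line!r}")
    # strict=False normalizes an address with host bits set to its network.
    src = ipaddress.ip_network(f"{tok[2]}/{tok[3]}", strict=False)
    dst = ipaddress.ip_network(f"{tok[4]}/{tok[5]}", strict=False)
    return src, dst

def mirror(line):
    """Entry the remote peer needs: source and destination swapped."""
    src, dst = parse_entry(line)
    return (f"permit ip {dst.network_address} {dst.netmask} "
            f"{src.network_address} {src.netmask}")

def selects(line, src_ip, dst_ip):
    """True if a packet src_ip -> dst_ip matches the entry (enters the tunnel)."""
    src, dst = parse_entry(line)
    return (ipaddress.ip_address(src_ip) in src
            and ipaddress.ip_address(dst_ip) in dst)

# Constructed core-side candidates: 'any' source versus the whole /16 as source.
CORE_ANY = "permit ip 0.0.0.0 0.0.0.0 10.20.4.0 255.255.254.0"
CORE_16 = "permit ip 10.20.0.0 255.255.0.0 10.20.4.0 255.255.254.0"

def spoke_report(core_line):
    """For a core entry, return the mirrored spoke entry and what it selects."""
    spoke = mirror(core_line)
    return {
        "spoke_entry": spoke,
        # Spoke host talking to another part of the /16 at the core.
        "to_core_block": selects(spoke, "10.20.4.10", "10.20.200.1"),
        # Spoke host talking to an address outside the /16 (constructed).
        "to_outside": selects(spoke, "10.20.4.10", "198.51.100.7"),
    }

if __name__ == "__main__":
    for name, line in (("any -> /23", CORE_ANY), ("/16 -> /23", CORE_16)):
        print(name, spoke_report(line))
```

With the /16 as the core-side source, the mirrored spoke entry selects only traffic bound for the /16, so it would not carry all spoke traffic across the tunnel as the question requires.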