I use GREinIPSec VPNs to connect office LANs to our headquater. Now I need to restrict the traffic from one of the offices and I have to do the restriction on the headquater router.
I thought the easiest way to do this is to create an ACL and put it on the Tunnel interface (ip access-group xxx in).
I tried that but the ACL didn't block anything, even it was an "deny ip any any" ACL.
What's my mistake?