I am using an ASA 5512-X with the IPS module. My IPS is using the default IP addresses 192.168.1.1 and 192.168.1.2, and my inside network is 172.16.0.0. The 192.168.0.x network below is my site-to-site VPN network at the remote site.
I have added the class map and access list as shown below:
access-list aclist_ips extended deny ip host 192.168.1.2 any
access-list aclist_ips extended deny ip 192.168.0.0 255.255.0.0 any
access-list aclist_ips extended permit ip any any
class-map ips_class_1
 match access-list aclist_ips