One of my customer's routers is configured as an EZVPN startpoint. To collect all local subnets to forward into that VPN, an ACL is set up.
I'd like to exclude a specific traffic pattern from going over the VPN: src = one single host of subnet 3, dst = URL.
Currently it's done with the IP of the remote subnet. Because the remote address may change, I'd like to replace the remote IP subnet with its URL.
Does anyone have an idea how to do that?
---snip---
crypto ipsec client ezvpn US2Europe
 connect auto
 group group-g2 key xxxxxxxxxxxxxxxxxxxxxxxxxxxx
 mode network-extension
 peer x.x.x.x
 acl inside_networks
 flow restrict
 virtual-interface 1
 username firstname.lastname@example.org password xxxxxxxx
 xauth userid mode local
!
!
ip access-list extended inside_networks
 permit ip 0.0.0.255 any
 permit ip 0.0.0.255 any
 !
 deny ip host 0.0.0.255
 !
 permit ip 0.0.15.255 any
Thanks for any hints. stephan