Hi.
Suppose i have classic static IPSec with remote site like this:
crypto map CRYPTOMAP 10 ipsec-isakmp
set peer x.x.x.x
set transform-set TS
match address crypto_acl
ip access-list extended crypto_acl
permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
interface Fas0/0
ip address <some internet address>
crypto map CRYPTOMAP
!
interface Fas0/1
ip address 10.1.0.1 255.255.0.0
!
ip route 10.2.0.0 255.255.0.0 <ISP address>
Now i want to establish zone-based-firewall.
I create zones
zone security INET
zone security REMOTE_SITE
zone security LAN
!
zone-pair blah-blah...
!
interface Fas0/0
zone-member INET
!
interface Fas0/1
zone-member LAN
How do i put traffic passing through IPSec tunnel to zone REMOTE_SITE ???
Note: this is NOT ASA, this is IOS.
Note2: remote site is not Cisco and i connot create Tunnel interface.