I have configured remote access VPNs for AnyConnect using the FMC. It was easy to apply an extended ACL as a VPN filter as the option is simply a drop-down. So how do I accomplish the same thing with a site-to-site VPN tunnel? Do I simply add the same rules to the access-list on the outside interface? What happens with 'sysopt permit-vpn', where VPNs bypass the ACL? How do I still implement a VPN filter? From the VPN setup wizard under 'Advanced > Tunnel'
Sooooooo, where do I apply the VPN filter ACL? Keep in mind this is a site-to-site VPN, and it's between a Firepower 2100 and an unknown third-party device, meaning I don't know if it's Cisco, Palo Alto, Check Point, Juniper, etc.