Can you add a service object group in an encryption domain when setting up a s2s on an ASA?
Example:
object-group network local
network-object host 10.0.1.0
object-group network remote
network-object host 10.0.2.0
object-group service ports
service tcp-udp destination eq 3389
service tcp-udp destination eq 8080
access-list 100 permit object-group ports object-group local object-group remote
Thanks