I have a VPN over the internet with two Cisco 1710 routers, with NAT. It works fine. But I want to limit traffic over the VPN with:
interface Ethernet0
rate-limit input access-group 103 8000 8000 8000 conform-action transmit exceed-action drop
access-list 103 permit tcp any any range ftp-data ftp
And with "sh access-list", FTP traffic never matches access-list 103. If I use "access-list 103 permit ip any any" then it matches the access-list.
I think the problem is with access-lists based on protocol.
Thanks in advance.