Is it possible to apply a 2nd policy (basically, one that is applied after traffic exits a tunnel) to further limit traffic based on additional criteria? I can do this with multiple VPNs, but I would rather the simplicity of a single tunnel.
For example:
Subnet 172.16.1.0/24 is accessed by 192.168.1.0/24 over a tunnel.
Some hosts in the 192.168.1.0 network should be allowed access to only specific resources, while the remainder of hosts (non-contiguous addressses) should have unrestricted access.
Thanks!
Les