>
> Can you just use this?
>
> ike esp from {192.168.10.0/24 (192.168.0.0/22)} to 10.78.1.0/24 [...]
>
> This would mean that 192.168.0.0/24 is covered in the flow as well, but
> unless you also have a matching NAT rule, packets from 192.168.0.0 won't
> make it through.This would do it with my example. In real life I have subnets from 10/8 and 172.16/12 range. So this workaround is unfortunately not possible.
