I have a remote site (SiteA) that uses an IPsec GRE VPN to connect to the main site (SiteB) over the internet. Everything works fine, and I have ACLs on the dialer interface that only allow IPsec, GRE and ICMP traffic in and out.
However, whenever I apply or remove the ACL on the dialer interface, the connectivity to the LAN hosts (except the router LAN interface) is lost.
I've found a ridiculous workaround. If I apply the same crypto-map to the LAN interface (which normally you wouldn't), everything works again. Even when I then remove the crypto-map from that LAN interface, it still works.
So now the trigger point for the "bug" is:
1) Apply ACL on dialer interface
or
2) Remove ACL on dialer interface
And the workaround is:
1) Apply crypto-map to the affected LAN interface
2) (Optional) Remove the crypto-map that was just applied on that LAN interface.
Has anyone hit this "bug" before? I've searched for other bug IDs, but so far nothing mentions exactly the same phenomenon as the above.