My company has been using a site-to-site VPN connecting the branch office and the HQ. Originally, the HQ only allowed the branch network (172.29.4.64/27) to access the HQ network (192.168.10.0/24), and it worked fine. Now the branch needs to access another network (192.168.31.0/24) in the HQ. So both sides added the ACL entries for the NO NAT and the interesting VPN traffic. But it doesn't work: the 172.29.4.64/27 network still can NOT access the 192.168.31.0/24 network in the HQ. You don't need to think about routing or configuration problems, as the configuration for 192.168.31.0/24 is the same as the configuration for 192.168.10.0/24.

I did some tests and found that the ACL for the interesting VPN traffic does NOT work. It still only allows the 172.29.4.65/27 network to access 192.168.10.0/24. To me it is really weird, and I am wondering if it is caused by the protocol. [I am using esp-des esp-sha-hmac for the transform set.] The problem doesn't happen on a VPN that uses the esp-des esp-md5-hmac protocol.
Could you please help me to figure it out? Thanks in advance!!
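For reference, here is an added example (not the poster's configuration, and not an answer from the thread) of what a Cisco IOS crypto-map configuration covering both HQ subnets looks like on the HQ side, together with the commands used to verify which proxy identities the IPsec SAs actually carry. Peer addresses (203.0.113.1 for HQ, 198.51.100.1 for the branch), interface names, ACL and crypto-map names, and the pre-shared key placeholder are all hypothetical. The transform set uses esp-aes 256 instead of the esp-des mentioned in the post, because single DES is no longer an acceptable cipher; the ACL logic is unchanged by that choice.

```cisco
! ---- HQ router (hypothetical addressing) ----
! Phase 1 policy and pre-shared key for the branch peer
crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.1
!
! Phase 2 transform set: AES-256 with SHA-1 HMAC (replaces esp-des)
crypto ipsec transform-set TS-BRANCH esp-aes 256 esp-sha-hmac
!
! Interesting (crypto) traffic: one permit per HQ subnet toward the branch /27.
! The branch router must carry the exact mirror image of these lines.
ip access-list extended VPN-TO-BRANCH
 permit ip 192.168.10.0 0.0.0.255 172.29.4.64 0.0.0.31
 permit ip 192.168.31.0 0.0.0.255 172.29.4.64 0.0.0.31
!
! NAT exemption: deny the VPN flows first so they are never translated,
! then PAT everything else leaving the HQ LANs.
ip access-list extended NAT-EXEMPT
 deny   ip 192.168.10.0 0.0.0.255 172.29.4.64 0.0.0.31
 deny   ip 192.168.31.0 0.0.0.255 172.29.4.64 0.0.0.31
 permit ip 192.168.10.0 0.0.0.255 any
 permit ip 192.168.31.0 0.0.0.255 any
ip nat inside source list NAT-EXEMPT interface GigabitEthernet0/0 overload
!
crypto map CM-BRANCH 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set TS-BRANCH
 match address VPN-TO-BRANCH
!
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
 crypto map CM-BRANCH

! ---- Branch router: mirror-image crypto ACL (hypothetical names) ----
ip access-list extended VPN-TO-HQ
 permit ip 172.29.4.64 0.0.0.31 192.168.10.0 0.0.0.255
 permit ip 172.29.4.64 0.0.0.31 192.168.31.0 0.0.0.255

! ---- Verification, run on either side after editing the crypto ACL ----
! Existing SAs keep the proxy identities negotiated when they were built;
! tear them down so the new ACL lines are negotiated on the next packet.
clear crypto sa peer 198.51.100.1
! Each ACL line should now appear as its own "local ident / remote ident"
! pair with non-zero #pkts encaps/decaps once traffic flows.
show crypto ipsec sa peer 198.51.100.1
show crypto map
show crypto isakmp sa
```

The point of the verification commands is that a crypto ACL edit on its own does not change an SA that is already up: `show crypto ipsec sa` lists one local/remote identity pair per negotiated ACL line, so if only the 192.168.10.0/24 pair is present after the change, the new line has never been negotiated, regardless of which transform set is in use. Clearing the SA for the peer forces a fresh Phase 2 negotiation that includes the added line; the same check then confirms whether the peer accepts it, which it will only if its own ACL line is the exact mirror.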