I have a 515 running ASA 7.2 software which is configured as a remote access VPN, site-to-site tunnel, and is a firewall between hosts on the inside and the Internet. VPN was working fine until I placed an ACL on the inside interface. I was always under the impression that VPN traffic was exempt from ACLs, but just to make sure I added an ACL that permitted hosts on the inside network to hosts on the remote access network. Inside network being 10.0.0.0/8 and the VPN remote access network being 192.168.8.0/24.
My access list read
permit ip any 192.168.8.0 255.255.255.0
and was getting hits. Now, though, I've been having problems with remote access clients being able to use certain protocols and apps. They are able to establish the tunnel, but when trying to make a connection to, say, remote desktop, they temporarily make the connection but then get the error
"because of an error in data encryption, your session will end." I've removed the ACL, but the behavior persists. No other changes have been made, and I've rebooted the firewall and my Internet router. The same behavior is apparent on the site-to-site tunnel as well. I enabled some debugging on crypto, but nothing really looks wrong with the connections being made, only the traffic being sent over the tunnels. Anyone have any ideas?