If I create a crypto map there is the command match addres (acl). My question is; Is this acl defining the only traffic that will be allowed down the tunnel or will other traffic be allowed down the tunnel and just not encrypted.
Hi Chris and Daniel,
All traffic permitted by the crypto acl will be directed through the IPSec tunnel.
The rest of the traffic will not use the tunnel, but will be transmitted over the link.
"permit ip any any" is allowed on crypto acls like on any other acls. Its use is dependent on how you want to define your interesting traffic.