Attached is the part of the config of my Cisco 877 router at a remote small office. It connects to a Cisco ASA at the HQ where all servers are kept.
The VPN is working fine and I have been testing with the ACL on the 877 and realiased nothing I changed on the config made any difference. So under "Interface Dialer1" I removed "ip access-group inbound_acl in) and then deleted "ip access-list extended inbound_acl" and the VPn is still fine!!
The remote site can connect to all systems over the VPN and visa versa, I thought "ip access-list extended inbound_acl" allowed inbound access to this remote site - clearly not.
I can only think the SA "access-list 101 permit ip 172.19.2.0 0.0.0.255 any"
"crypto map MY_Crypto_Map 10 ipsec-isakmp
match address 101"
Are allowing all the traffic through,?
Hope you can clear this confusion up for me.