I have a question with regard to the IOS ZFW. I have a 3-node network, all communicating via VPN: 1 HQ and two branches. I configured the ZFW on the HQ router. I have used the CCP to configure the ZFW and have configured it manually from the CLI. What I notice is there is no policy to permit VPN. However, the VPNs and EIGRP adjacencies stay up. I have not had to specifically permit the VPN traffic, ISAKMP, etc.
I have experimented with the DMVPN tunnel assigned to the inside and with it not assigned to any zone, and the tunnel stays up to the branches.
Not sure if anyone else has come across this? It's as though the ZFW knows to permit this traffic; however, there is no policy defined, at least from what I see in the config.