I need to encapsulate a L2TPv3 tunnel in a crypto session. Without CSM, I just need to add
permit 115 host HOST-A host HOST-B
in the CSM_IPSEC_ACL related to the hosts in charge of the crypto link.
But this ACL is 100% managed by CSM, so it recreates a new one each time I push a config.
I tried to create flex prepend to remove my settings, and flex append to recreate it, but CSM makes its checks before prepend. So it works the first time and the second, CSM create a new ACL.
Any idea to force CSM to accept my current settings (and let it continue to manage the VPNs) ?
PS: I'm using CSM 3.3.1 sp2