Currently have a 2911 in place running as a hub for a hub and spoke DVTI IPSec setup.
It has a zone-based firewall (with the DVTIs being in their own zone, etc.) and everything works as it should. The two zone pairs between the safe zone and vpn zone are both inspect on egress and ingress.
I have now purchased a second 2911 to act as another hub - I've set up everything exactly the same as Hub1; the only difference is this router is software version 15.2 whilst Hub1 is 15.0.
Traffic does not want to flow from Hub1 to Hub2, whilst it works for Hub2 to Hub1 - It has an inspection rule on the firewall so for a short time, a client on Hub1 can talk to the client on Hub2 whilst the inspect firewall is open but that is it.
I've tried all sorts of different configurations. I then turned IP CEF off on Hub2 (15.2) and then, lo and behold, traffic flew across...
Does anyone know of any major changes that have happened in these software releases? Anyone have any experience of this? I will be hitting the Cisco docs tomorrow but I'm hoping someone has run into this before.