There are 2610 (c2600-is56i-mz.121-14.bin) & 3661 (c3660-io3s56i-mz.121-14.bin), connected by FR channel. IPSec configured on both side to secure transport layers (TCP & UDP) and at present allow transparent access from LAN behind 3661 to 2610 (tested with telnet, ftp, tftp, rsh, rcp). There is host connected to 2610 on Async 33 by PPP encryption. And traffic from this host incoming to 3610 is NOT encrypted (see log below), although permited in access-list referenced from crypto map. Problem resolved after "no crypto map" && "crypto map ..." on sub-interfaces on both routers. But reload bring that kind of troubles again :(
I have not studied the provided configs, so I do not claim to understand the enviroment or the nature of this problem, but I do have something to add.
I use the command 'ip route-cache' in several of my VPN configs. In particular, I have found this command usefull when using policy based routing. The 'ip route-cache' command allows the router to make policy routing decisions without having to process the entire policy for every packet.
The point of my post is that by nature, IPSec VPNs and 'ip route-cache' work fine with each other in some environments. I can not speak for this particular case.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...