Hi,
I have a VPN between sites, using IPSec on a GRE tunnel. On the 'secure side' of the tunnel I have an access list applied to the tunnel interface, however the access-list won't block traffic.
It's a very basic setup:

description Tunnel to xxx$FW_OUTSIDE$
ip address 10.172.32.18 255.255.255.252
ip access-group 125 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1420
ip inspect DEFAULT100 out
ip route-cache flow
tunnel source FastEthernet0/1
tunnel destination x.x.x.x
tunnel path-mtu-discovery
crypto map SDM_CMAP_1

Access-list 125 deny ip any any

Really, no traffic should be able to flow from the other side of this tunnel but this isn't the case - it allows anything and everything.
I have tried multiple IOS versions to no avail. This is an 1841.
Any ideas?
Thanks.