Site to site vpn one way traffic

Simon Robert
Level 1

Hi!

We have a UC 560 and an SR520W connected through a site-to-site VPN.

The VPN is up and working.

From the network of the SR520W we are able to reach all the components located on the UC 560.

But we aren't able to communicate from the UC560 site with the SR520W site.

Do you have any pre-test we could do to investigate this?

Thank you!

7 Replies

vishal vyas
Level 1

Please create an access list for interesting traffic. In this case your interesting traffic would be the subnet behind the UC 560 and the subnet behind the SR520W.

Alright.

I will check this and return feedback as soon as I have tested it.

Thanks.

Hi, I got time to play with the device.


On the UC 560 device we have an ACL that is wrong and needs to be redone entirely.

I have read that if we remove or modify an ACL tied to a VPN, the VPN will be unstable.

If we add a rule to an existing ACL this is considered acceptable.


So, as I understand it, since the ACL is wrong and tied to the VPN, it is better to redo the site-to-site VPN entirely and this time enter the correct parameters? (I will do a check on the ACLs just to be sure there is no remnant wrong ACL remaining.)


Is there a way to identify the ACL tied to a VPN or interface? I just want to clean up as much as possible before redoing the site-to-site VPN.

Thank you.

Just modify the existing ACL and you are good to go.

We did some testing for the site-to-site VPN.

We have found a trick.

We use the Cisco Professional Program in order to set up the VPN.

On the SR520 the route is good and ACL is good.


On the UC560 I have cleaned all the ACLs that mention the internal private address of the SR520. I also deleted the VPN using CP.

But when I recreate the VPN using CP, a deny ACL appears out of nowhere and blocks the traffic from the UC560 to the SR520.

For example: deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255

2.x = SR520 and 1.x = UC560

This DENY is part of a long ACL. I can't delete only this rule; I can only delete the entire list.


Any tips from there?

Thank you very much.

Try to create a new ACL and apply it to your VPN config.

vishal vyas
Level 1

For example, let's assume the subnet behind the UC 560 is 192.168.1.0/24 and

the subnet behind the SR520W is 10.1.1.0/24.

So you need to create an access list as below:

on UC560

ip access-list extended 101
 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255


on SR520W

ip access-list extended 101
 permit ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
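An added check script (not from the thread or from Cisco) that ties the two answers together: it parses a crypto ACL from each side, verifies that the permit entries mirror each other as the last reply requires, and reports a deny entry that shadows the interesting traffic, the symptom Simon described. The ACL text and the 192.168.1.0/24 (UC560) / 192.168.2.0/24 (SR520W) pairing are constructed from the thread's own examples.

```python
import ipaddress

def to_net(addr, wildcard):
    """Turn an IOS address/wildcard pair (192.168.1.0 0.0.0.255) into a network."""
    mask = ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard)))
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_acl(text):
    """Collect 'permit|deny ip SRC WC DST WC' entries; headers and remarks are skipped."""
    entries = []
    for line in text.splitlines():
        p = line.split()
        if len(p) == 6 and p[0] in ("permit", "deny") and p[1] == "ip":
            entries.append((p[0], to_net(p[2], p[3]), to_net(p[4], p[5])))
    return entries

def shadowing_deny(entries, src_cidr, dst_cidr):
    """IOS evaluates top-down, first match wins: return the index of the first
    entry matching src->dst if that entry is a deny, otherwise None."""
    src, dst = ipaddress.ip_network(src_cidr), ipaddress.ip_network(dst_cidr)
    for i, (action, s, d) in enumerate(entries):
        if src.subnet_of(s) and dst.subnet_of(d):
            return i if action == "deny" else None
    return None

def is_mirror(local, remote):
    """Crypto ACLs must mirror: every local permit A->B must exist remotely as B->A."""
    local_pairs = {(s, d) for a, s, d in local if a == "permit"}
    remote_pairs = {(d, s) for a, s, d in remote if a == "permit"}
    return local_pairs == remote_pairs

def check_pair(local_text, remote_text, local_lan, remote_lan):
    """Return (mirror_ok, local_shadowing_index, remote_shadowing_index)."""
    local, remote = parse_acl(local_text), parse_acl(remote_text)
    return (is_mirror(local, remote),
            shadowing_deny(local, local_lan, remote_lan),
            shadowing_deny(remote, remote_lan, local_lan))

# Constructed sample (not a real config): a stray deny sits above the permit on the UC560.
UC560_ACL = """ip access-list extended 101
 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
"""
SR520_ACL = """ip access-list extended 101
 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
"""

if __name__ == "__main__":
    print(check_pair(UC560_ACL, SR520_ACL, "192.168.1.0/24", "192.168.2.0/24"))
    # prints (True, 0, None): the lists mirror, but entry 0 on the UC560 denies the traffic
```

Paste the output of `show access-lists` from each router into the two strings to check a live pair; a non-None index points at the entry to remove or reorder.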