Core issue
This issue is caused by Cisco bug ID CSCsc43461.
The problem occurs on a Cisco IOS router that runs Cisco IOS Interim Software Release 12.4(3.9)T7 or later and is configured for IPSec, when the crypto interface has an input Access Control List (ACL) that does not explicitly permit the inner data packets (the traffic that is encapsulated within IPSec).
In this scenario, a Cisco IOS router configured for IPSec can drop every other packet.
Resolution
As a workaround, perform either of these steps:
- Do not configure the IPSec, and explicitly allow inner data packets to be encapsulated by IPSec.
- Download and upgrade to these Cisco IOS versions:
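
For the first workaround, the following configuration sketch shows an input ACL on the crypto interface without and then with an explicit permit for the inner data packets. It is an added example, not taken from Cisco's document; the peer addresses, protected networks, ACL names, interface and crypto map name are all constructed.

```cisco
! Constructed values: local peer 192.0.2.1, remote peer 198.51.100.1,
! protected networks 10.1.1.0/24 (local) and 10.1.2.0/24 (remote).
!
! Before: the input ACL permits only the tunnel itself (IKE and ESP).
! The inner data packets are not explicitly permitted, which is the
! condition described under "Core issue".
ip access-list extended OUTSIDE-IN-BEFORE
 permit udp host 198.51.100.1 host 192.0.2.1 eq isakmp
 permit esp host 198.51.100.1 host 192.0.2.1
 deny   ip any any log
!
! After: the same ACL with an explicit permit for the inner data
! packets (remote protected network to local protected network).
ip access-list extended OUTSIDE-IN-AFTER
 permit udp host 198.51.100.1 host 192.0.2.1 eq isakmp
 permit esp host 198.51.100.1 host 192.0.2.1
 permit ip 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255
 deny   ip any any log
!
! Apply the corrected ACL inbound on the crypto interface.
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 crypto map VPN-MAP
 ip access-group OUTSIDE-IN-AFTER in
!
! Check the per-entry match counters afterwards with:
!   show access-lists OUTSIDE-IN-AFTER
```

Keep the added permit as narrow as the networks the tunnel actually protects rather than a broad `permit ip any any`.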