Hi, Jathaval! Thanks for your attention.
I don't have access to the link you provided. After changing the ACL, the routing table on my client became 0.0.0.0 0.0.0.0 and all traffic is being discarded.
Here is the output of SH CRYPTO IPSEC SA:
#sh crypto ipsec sa
interface: Virtual-Access2
Crypto map tag: Virtual-Access2-head-0, local addr 64.30.154.85
protected vrf: (none)
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (172.16.255.11/255.255.255.255/0/0)
current_peer 41.78.17.174 port 54858
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 64.30.154.85, remote crypto endpt.: 41.78.17.174
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/1.10
current outbound spi: 0x2A77D608(712496648)
inbound esp sas:
spi: 0x2903FFDA(688127962)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 2033, flow_id: FPGA:33, crypto map: Virtual-Access2-head-0
sa timing: remaining key lifetime (k/sec): (4460451/3571)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x2A77D608(712496648)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 2034, flow_id: FPGA:34, crypto map: Virtual-Access2-head-0
sa timing: remaining key lifetime (k/sec): (4460451/3549)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
See the attachment for the route table on the client.