> Seems like Cisco doesn't like acl permit any any. > > "Proxy Identities Not Supported > The message below appears in debugs if the access list for IPSec traffic > does not match. come to think of it, I remember a chat with a collegue a few months ago who came across the same issue