I have a simple IPSec VPN setup between a remote site using an ER-X and an old Cisco router (soon to be replaced so I can use OpenVPN instead). I have used the GUI to set up the VPN. I could get the VPN connected and working between routers, but the site with the ER-X will not route to the main site. After a bit of poking around (and comparing to other sites that are working) I noticed that the following two lines were added to the configuration (under tunnel 1) that are not on my ERL at the other sites:
allow-nat-networks disable
allow-public-networks disable
When I remove these two lines at the CLI, everything works perfectly. My only problem is that when I reboot the router, they come back. After a little inspecting, when I 'commit' and then 'save' my configuration, the /config/config.boot file will contain the two lines while the running config does not. What is going on?
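One way to confirm the mismatch described above is to flatten the saved and running configurations into full node paths and list what exists only in the saved file. This is an added example, not part of the original post; the peer address, prefixes and the helper names `flatten` and `only_in_saved` are constructed for illustration.

```python
# Added example: diff two EdgeOS-style brace-nested configs by full node path.
# SAVED is a constructed sample, not the poster's actual config.boot.

def flatten(text):
    """Return every leaf statement as a tuple: enclosing nodes + the leaf."""
    path, leaves = [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("/*"):   # skip blanks and trailer comments
            continue
        if line.endswith("{"):                  # entering a node, e.g. "tunnel 1 {"
            path.append(line[:-1].strip())
        elif line == "}":                       # leaving the current node
            path.pop()
        else:                                   # leaf, e.g. "allow-nat-networks disable"
            leaves.add(tuple(path) + (line,))
    return leaves

def only_in_saved(saved, running):
    """Statements present in the saved config but absent from the running one."""
    return sorted(" / ".join(p) for p in flatten(saved) - flatten(running))

SAVED = """
vpn {
    ipsec {
        site-to-site {
            peer 192.0.2.1 {
                tunnel 1 {
                    allow-nat-networks disable
                    allow-public-networks disable
                    local {
                        prefix 10.0.1.0/24
                    }
                    remote {
                        prefix 10.0.0.0/24
                    }
                }
            }
        }
    }
}
"""

# Constructed running config: identical except the two lines were deleted at the CLI.
RUNNING = "\n".join(l for l in SAVED.splitlines() if "allow-" not in l)

if __name__ == "__main__":
    for statement in only_in_saved(SAVED, RUNNING):
        print("only in saved config:", statement)
```

To run it against a real router, replace `SAVED` with the contents of /config/config.boot and `RUNNING` with the output of `show configuration`.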