Multiple IPsec Tunnels from Main site

Hello Ali

This sounds like a strange situation. If you have no crypto maps referencing ACLs to define interesting traffic, and yet your tunnels are up and running, something else must be matching to create interesting traffic. Also, you mentioned that when you apply the ACL, the tunnel goes down and an error message about not having any interesting traffic appears? Can you elaborate on that? Where do you see it and under what circumstances?

I suggest you use some debugs on your topology to determine how traffic is matched and sent through the tunnel. You can use one or more of the following:

  • debug crypto ipsec
  • debug crypto isakmp
  • debug crypto ikev2 protocol
  • debug crypto ikev2 platform
  • debug crypto ikev2 internal
  • debug access-list

Let us know how you get along in your troubleshooting, and share with us your results so we can help you further.

I hope this has been helpful!

Laz
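For reference, here is a constructed Cisco IOS configuration, added here and not part of Laz's reply, showing the pattern the reply refers to: two IPsec tunnels from one main-site interface, each with its own crypto ACL bound through a separate crypto map sequence number, followed by the show commands that reveal which ACL each negotiated SA was built from. All addresses, object names and pre-shared keys are placeholders.

```cisco
! Constructed example: main-site router, one outside interface, two remote peers.
! Phase 1 policy shared by both peers (placeholder peer addresses and keys).
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key PLACEHOLDER-PSK-A address 203.0.113.10
crypto isakmp key PLACEHOLDER-PSK-B address 203.0.113.20
!
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! One crypto ACL per remote site: these lines are what define "interesting traffic".
ip access-list extended VPN-TO-SITE-A
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
ip access-list extended VPN-TO-SITE-B
 permit ip 10.1.0.0 0.0.255.255 10.3.0.0 0.0.255.255
!
! One crypto map, two sequence numbers; each entry ties a peer to its own ACL.
crypto map MAIN-VPN 10 ipsec-isakmp
 set peer 203.0.113.10
 set transform-set TS-AES
 match address VPN-TO-SITE-A
crypto map MAIN-VPN 20 ipsec-isakmp
 set peer 203.0.113.20
 set transform-set TS-AES
 match address VPN-TO-SITE-B
!
! Only one crypto map can be applied per interface, so both entries share MAIN-VPN.
interface GigabitEthernet0/0
 ip address 198.51.100.1 255.255.255.0
 crypto map MAIN-VPN
!
! Checks: which ACL each map entry matches, and which proxy identities
! (local ident / remote ident) each established SA actually carries.
! show crypto map
! show crypto ipsec sa peer 203.0.113.10
! show crypto session detail
```

If "show crypto ipsec sa" reports local/remote identities that do not correspond to any "match address" ACL on the router, that is the place to look for whatever else is selecting traffic for the tunnel.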