Dear,
In a site-to-site vpn tunnel configuration the crypto map of the vpn interface contain an access-list (match address (aclnr)) for the protected traffic. What happens if the vpn tunnel is down:is the protected traffic dropped?
(I tried it with gns3 and it seems that when the vpn is down, the protected traffic flows unencrypted)
Regards, Hans