AnyConnect VPN to IPsec VPN communication.

SurajS
Level 1

Dear Team,

We have received one requirement as below:

We have one AnyConnect VPN which we want to use to communicate with one of our IPsec VPNs.

How can we achieve this? Please find the attached topology.

The AnyConnect VPN subnet 192.168.40.0/24 wants to communicate with the IPsec VPN with source NATing.

LAN and DMZ are working fine with IPsec with source public IP NATing, but it is unable to work with the AnyConnect VPN.


7 Replies

@SurajS

You'll need to enable the traffic to hairpin back out the same interface the traffic came in on, and configure a NAT rule.

Example:

same-security-traffic permit intra-interface
nat (OUTSIDE,OUTSIDE) source static RAVPN_REAL RAVPN_NAT destination static REMOTE_NET REMOTE_NET no-proxy-arp

You'll obviously need to ensure that the source NAT address is included in the crypto ACL for the L2L VPN to the peer.
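The hairpin plus twice NAT setup Rob describes above, written out end to end as an added example; it is not from this thread and not Cisco's own documentation. It uses ASA CLI syntax (the same syntax an FTD shows under show running-config). Assumed values: 192.168.40.0/24 is the AnyConnect pool from the question; 203.0.113.10 (the public address the pool is translated to), 10.20.30.0/24 (the remote L2L network), 198.51.100.1 (the L2L peer), the ACL name L2L_CRYPTO and the crypto map name OUTSIDE_map are placeholders; the object names RAVPN_REAL, RAVPN_NAT and REMOTE_NET are taken from Rob's rule, but their contents here are assumptions:

```cisco
! Added example, not from the thread. All addresses below except the
! 192.168.40.0/24 AnyConnect pool are hypothetical placeholders.

! 1. Let a flow enter and leave the same interface. Decrypted AnyConnect
!    traffic enters on OUTSIDE and the L2L tunnel also leaves on OUTSIDE,
!    so without this the hairpinned flow is dropped.
same-security-traffic permit intra-interface

! 2. Network objects for the twice NAT rule.
object network RAVPN_REAL
 subnet 192.168.40.0 255.255.255.0
object network RAVPN_NAT
 host 203.0.113.10
object network REMOTE_NET
 subnet 10.20.30.0 255.255.255.0

! 3. Twice (manual) NAT: only when an RAVPN client talks to REMOTE_NET,
!    translate the source to 203.0.113.10 and leave the destination as is.
!    Both interfaces are OUTSIDE because the flow hairpins. no-proxy-arp
!    stops the firewall answering ARP for the mapped address on OUTSIDE.
nat (OUTSIDE,OUTSIDE) source static RAVPN_REAL RAVPN_NAT destination static REMOTE_NET REMOTE_NET no-proxy-arp

! 4. The crypto ACL must match the post-NAT source (203.0.113.10), not the
!    client pool. The peer's crypto ACL must be the mirror image:
!    10.20.30.0/24 -> 203.0.113.10.
access-list L2L_CRYPTO extended permit ip object RAVPN_NAT object REMOTE_NET
crypto map OUTSIDE_map 10 match address L2L_CRYPTO
crypto map OUTSIDE_map 10 set peer 198.51.100.1

! 5. Verify. Simulate a client in the pool reaching the remote network; as
!    Rob notes later in this thread, pick a pool address that is not
!    currently assigned to a connected client.
packet-tracer input OUTSIDE icmp 192.168.40.250 8 0 10.20.30.10 detailed
show nat detail
show crypto ipsec sa peer 198.51.100.1
```

Two things to check if traffic still fails after this: manual NAT rules are matched in order, so the static rule must sit above any broader rule for the same source (for example a dynamic PAT of the pool to the interface address), and the packet-tracer output must show the NAT phase translating the source to 203.0.113.10 before the VPN encrypt phase. A drop with reason "Flow is denied by configured rule", as in the output posted later in this thread, comes from the access policy rather than from NAT or crypto.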

Hello Rob,

We have checked both ways, (OUTSIDE,OUTSIDE) and (ANY,OUTSIDE), but it does not work. Please find the attached screenshot.

It is included in the crypto ACL for the L2L VPN to the peer, and LAN & DMZ are working.

This is FTD managed by FMC. Are there any reference documents?

@SurajS

If you use "any" you could cause other issues for traffic from inside the network. For this communication it's not going to be "any": if the traffic is sourced from an AnyConnect client, it would be from the "outside" interface.

You are translating the RAVPN traffic to the "outside" interface IP address, so therefore the crypto ACL includes the IP address of the "outside" interface? Has this been mirrored on the remote peer?

Is an IPsec SA pair created for this communication?

Run packet-tracer and provide the output.


Phase: 9
Type: WEBVPN-SVC
Subtype: in
Result: DROP
Config:
Additional Information:

Result:
input-interface: Outside
input-status: up
input-line-status: up
output-interface: Outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

ONEEARTH-SCADA-FPR2130-FW01#

We are getting the above error. We have added the RAVPN subnet in the ACL.

And all three subnets (LAN, DMZ & RAVPN) are NATed to a subnet, and that NATed subnet is allowed by the peer end for IPsec.

@SurajS

Have you run that packet-tracer using an IP address already assigned to an AnyConnect client? Re-try using a free IP address.

If still a problem, provide the full output for review and the configuration.

Hello Rob,

Thank you.

It is working with the above command.

nat (OUTSIDE,OUTSIDE) source static RAVPN_REAL RAVPN_NAT destination static REMOTE_NET REMOTE_NET no-proxy-arp

That ping drop was coming due to an incorrect ACL. After changing the ACL, it works fine.
