Hello everyone,

We built a ipsec-vpn tunnel between siteA(10.234.0.0/16) and siteB(10.176.0.0/16)

the tunnel is up now ,but siteA's subnet can't ping siteB's subnet

Here are the packet-tracer output:

ciscoasa# packet-tracer input inside_1 icmp 10.234.10.101 0 0 10.176.0.170

Phase: 1
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
found next-hop x.x.x.x using egress ifc outside

Phase: 2
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
nat (inside_1,outside) source static SiteA_subnet1 SiteA_subnet1 destination static SiteB_subnet1 SiteB_subnet1 no-proxy-arp route-lookup
Additional Information:
NAT divert to egress interface outside
Untranslate 10.176.0.170/0 to 10.176.0.170/0

Phase: 3
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (inside_1,outside) source static SiteA_subnet1 SiteA_subnet1 destination static SiteB_subnet1 SiteB_subnet1 no-proxy-arp route-lookup
Additional Information:
Static translate 10.234.10.101/0 to 10.234.10.101/0

Phase: 4
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:

Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:

Phase: 6
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect icmp
service-policy global_policy global
Additional Information:

Phase: 7
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:

Phase: 8
Type: VPN
Subtype: encrypt
Result: DROP
Config:
Additional Information:

Result:
input-interface: inside_1
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

In Phase: 8 ,the result is drop, What will cause this ?

Thank you for answers