I have been trying to establish an IPsec VPN between two ASAs, one of them with an ISP that provides a public IP, and the other with a fixed IP. I configured each of them and I can see that the VPN is established through the show crypto isakmp sa command, but nevertheless, when applying the show crypto ipsec sa command, I can see that the packets are not returned through the tunnel. It does not allow the connection between the NATed networks to be established.
Configuration ASA IP Dynamic
access-list Backup_cryptomap_2 extended permit ip object HierroC_Valencia object-group Redes_Remota
nat (inside,Backup) source static HierroC_Valencia HierroC_Valencia destination static Redes_Remota Redes_Remota no-proxy-arp route-lookup
crypto ipsec ikev1 transform-set Crypto_HierroC_Valencia esp-3des esp-sha-hmac
crypto map Backup_map 2 match address Backup_cryptomap_2
crypto map Backup_map 2 set peer 200.35.79.163
crypto map Backup_map 2 set ikev1 transform-set Crypto_HierroC_Valencia
crypto map Backup_map interface Backup
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 enable Backup
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 5
 lifetime 86400
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
 vpn-tunnel-protocol ikev1
dynamic-access-policy-record DfltAccessPolicy
tunnel-group 200.35.79.163 type ipsec-l2l
tunnel-group 200.35.79.163 general-attributes
 default-group-policy GroupPolicy1
tunnel-group 200.35.79.163 ipsec-attributes
 ikev1 pre-shared-key *****
Configuration ASA VPN IP Static
nat (inside,outside) source static Redes_Sede_Principal_y_Remota Redes_Sede_Principal_y_Remota destination static Hierro_CValencia Hierro_CValencia no-proxy-arp route-lookup
crypto ipsec ikev1 transform-set Prueba esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 1 set ikev1 transform-set Prueba
crypto dynamic-map outside_dyn_map 1 set reverse-route
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev1 policy 8
 authentication pre-share
 encryption 3des
 hash sha
 group 1
 lifetime 86400
tunnel-group DefaultL2LGroup ipsec-attributes
 ikev1 pre-shared-key *****