I have a situation with an IPsec tunnel and I don't know what else I need to do. This is the situation:
I already configured a VPN tunnel between my Cisco ASA and a Fortigate 100D, and everything is up (Phase 1 and Phase 2). This tunnel was created because we need to monitor 5 devices (a couple of switches and a call manager). The devices that we are already monitoring are the Switch Core (10.0.5.20) and the Call Manager (10.0.5.21) (the IPs are not the real ones, they are just for information), but we have problems trying to reach 3 switches that are on a different network (10.0.1.x).
When I send a ping from my server (172.26.5.80) to one of the devices, let's say 10.0.1.5, I see that the packet reaches the Cisco ASA and is sent through the tunnel, but on the Fortigate side they don't see anything; they only see the requests to the IPs 10.0.5.20 and .21.
If I execute the ping backwards, I mean from 10.0.1.5 to my server 172.26.5.80, it doesn't respond until I execute a ping from my server to the switch. It looks like it's waiting to see the communication open on the tunnel.
About the configuration on both sides we already checked and everything looks good.
I hope all of you understand what I tried to explain.
For verification on the ASA, you could run CLI packet tracer to confirm that the config is good:
packet-tracer input inside icmp <source-ip> 8 0 <dest-ip> detailed
I think I found the issue: on the Fortinet side the admin was using "named address", something like object groups, and this can cause some issues in the VPN crypto map. I'm asking the admin to change the "named address" to the IP address. I will let you know how it goes.