Hi Community,

I am stuck in here as, VPN is successfully established between DC & Site1 but traffic (icmp or any other) is not flowing. Kindly help. Below are the two site IKV1 configuration.

Site 1: 

object-group network Datacenter_nw
network-object 192.168.20.0 255.255.255.0
network-object 10.55.1.0 255.255.255.0

object network LAN
subnet 10.184.2.0 255.255.255.0

access-list SEATFWtoDatacenter extended permit ip object LAN object-group Datacenter_nw

nat (inside_1,outside) source static LAN LAN destination static Datacenter_nw Datacenter_nw no-proxy-arp route-lookup

crypto ikev1 policy 10
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 28800

crypto ikev1 enable outside
crypto isakmp identity address

tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
ikev1 pre-shared-key *****

crypto ipsec ikev1 transform-set myvpnset esp-aes-256 esp-sha-hmac

crypto map SEATVPN 1 match address SEATFWtoDatacenter
crypto map SEATVPN 1 set peer x.x.x.x
crypto map SEATVPN 1 set ikev1 transform-set myvpnset

IKEv1 SAs:

Active SA: 1
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1

1 IKE Peer: x.x.x.x
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
Encrypt : aes-256 Hash : SHA
Auth : preshared Lifetime: 28800
Lifetime Remaining: 27848

There are no IKEv2 SAs

NATTr.

1 (inside_1) to (outside) source static LAN LAN destination static Datacenter_nw Datacenter_nw no-proxy-arp route-lookup
translate_hits = 7618, untranslate_hits = 7618

access-list SEATFWtoDatacenter; 10 elements; name hash: 0xbf70aa0c
access-list SEATFWtoDatacenter line 1 extended permit ip object LAN object-group Datacenter_nw (hitcnt=42) 0xf67bb5c9
access-list SEATFWtoDatacenter line 1 extended permit ip 10.184.2.0 255.255.255.0 10.55.1.0 255.255.255.0 (hitcnt=39943) 0x862fb856

DC :

object-group network Datacenter_lan
network-object 192.168.20.0 255.255.255.0
network-object 10.0.0.0 255.0.0.0
object-group network SeattleFW_lan
network-object 10.184.2.0 255.255.255.0

access-list DatacentertoSEATFW extended permit ip object-group Datacenter_lan object-group SeattleFW_lan

nat (inside,outside) 1 source static Datacenter_lan Datacenter_lan destination static SeattleFW_lan SeattleFW_lan no-proxy-arp route-lookup

crypto ikev1 policy 10
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 28800

crypto ikev1 enable outside
crypto isakmp identity address


tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
ikev1 pre-shared-key *****

crypto ipsec ikev1 transform-set myvpnset esp-aes-256 esp-sha-hmac

crypto map outside_map2 60 match address DatacentertoSEATFW
crypto map outside_map2 60 set peer x.x.x.x
crypto map outside_map2 60 set ikev1 transform-set myvpnset

30 IKE Peer: 96.79.192.233
Type : L2L Role : responder
Rekey : no State : MM_ACTIVE
Encrypt : aes-256 Hash : SHA
Auth : preshared Lifetime: 28800
Lifetime Remaining: 27770

NAT Tr.

1 (inside) to (outside) source static Datacenter_lan Datacenter_lan destination static SeattleFW_lan SeattleFW_lan no-proxy-arp route-lookup
translate_hits = 11, untranslate_hits = 11

Access List-

access-list DatacentertoSEATFW; 2 elements; name hash: 0x6a9b85c7
access-list DatacentertoSEATFW line 1 extended permit ip object-group Datacenter_lan object-group SeattleFW_lan (hitcnt=0) 0x1cf33b31
access-list DatacentertoSEATFW line 1 extended permit ip 10.0.0.0 255.0.0.0 10.184.2.0 255.255.255.0 (hitcnt=32) 0x4bb5c8a0

Thanks in advance.