Hi,
We have a standard L2L VPN setup. We had an issue with IP traffic only passing in 1 direction. The crypto map ACLs were set up as below:
SITE A
access-list XXX-L2L-CRYPTOMAP extended permit ip 192.168.118.0 255.255.255.0 172.16.246.0 255.255.255.0
SITE B
access-list xxx-L2L-VPN-CRYPTOMAP extended permit ip 172.16.246.0 255.255.255.0 192.168.118.0 255.255.255.0
access-list xxx-L2L-VPN-CRYPTOMAP extended permit icmp 172.16.246.0 255.255.255.0 192.168.118.0 255.255.255.0
The issue we had was that Site A could ping Site B and vice versa. Site A could communicate on IP with Site B.
BUT Site B COULD NOT communicate with Site A on IP.
We removed the ICMP ACL on Site B and IP communication was ok bidirectionally.
Has anyone seen this issue or can explain what may be wrong?
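
Added example, not part of the original post: Cisco's guidance for L2L tunnels is that the crypto ACLs on the two peers be mirror images of each other. The Python below parses the ACL lines as posted and lists every entry that has no mirrored counterpart on the other peer; the function names are hypothetical and only the `network mask` address form used in the post is handled.

```python
import ipaddress
import re

# ACL lines copied from the post above.
SITE_A = """
access-list XXX-L2L-CRYPTOMAP extended permit ip 192.168.118.0 255.255.255.0 172.16.246.0 255.255.255.0
"""
SITE_B = """
access-list xxx-L2L-VPN-CRYPTOMAP extended permit ip 172.16.246.0 255.255.255.0 192.168.118.0 255.255.255.0
access-list xxx-L2L-VPN-CRYPTOMAP extended permit icmp 172.16.246.0 255.255.255.0 192.168.118.0 255.255.255.0
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
ACE_RE = re.compile(
    rf"^access-list\s+\S+\s+extended\s+(permit|deny)\s+(\S+)\s+{IP}\s+{IP}\s+{IP}\s+{IP}\s*$"
)

def parse_aces(text):
    """Return (action, protocol, src_net, dst_net) for each ACE line in text."""
    aces = []
    for line in text.splitlines():
        m = ACE_RE.match(line.strip())
        if not m:
            continue  # blank line or an ACE form this example does not handle
        action, proto, src, smask, dst, dmask = m.groups()
        aces.append((action, proto.lower(),
                     ipaddress.ip_network(f"{src}/{smask}"),
                     ipaddress.ip_network(f"{dst}/{dmask}")))
    return aces

def mirror(ace):
    """Swap source and destination: the ACE the remote peer is expected to carry."""
    action, proto, src, dst = ace
    return (action, proto, dst, src)

def unmirrored(local, remote):
    """ACEs in local whose mirror image is absent from remote."""
    remote_set = set(remote)
    return [ace for ace in local if mirror(ace) not in remote_set]

def compare_peers(a_text, b_text):
    """Report the entries on each peer that the other peer does not mirror."""
    a, b = parse_aces(a_text), parse_aces(b_text)
    return {"site_a_unmirrored": unmirrored(a, b),
            "site_b_unmirrored": unmirrored(b, a)}

if __name__ == "__main__":
    for side, aces in compare_peers(SITE_A, SITE_B).items():
        for action, proto, src, dst in aces:
            print(f"{side}: {action} {proto} {src} -> {dst} has no mirror on the peer")
```

Run against the two ACLs as posted, the only entry reported is the Site B `permit icmp` line, the same line whose removal restored bidirectional IP traffic.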