Yes, the thing is the following. If the traffic is from AN on router 1 to LAN on router 2 the flow will be different and the self zone will not participate. If you try to ping the LAN interface of the router, the packet will get to the router and it wi...
Thanks for the reply. The problem that you are having is the action on the policy. Instead of inspect, it should be pass. The reason for this is that the firewall uses the payload of the packet to inspect the traffic. The thing is that in ESP, the paylo...
Hello, The thing is the following. By default, the self zone is created once you create a zone. In order to permit a L2L tunnel to be established to the router, you will need something like this. ip access-list ext Tunnel permit udp any any eq 500 permit u...
Hello Sir, Yes, the ASA is a stateful device for traffic that is originated from the trusted network, to the untrusted network. The ASA performs inspection of this traffic to permit the return traffic to come back in (reflexive ACL). Please try the follow...