On my side I actually use the SYSTEM_DEFAULT_CRYPTO_MAP without problem, but I have create a tunnel group just for the Mikrotik.If the Mikrotik have a static IP try create a Tunnel Group with IP, if not use a tunnel group with FQDN.tunnel-group exemp...
On the ASA you first need to put the NO NAT ruleExemple:access-list no-nat-inside line 15 extended permit ip 192.168.128.0 255.255.252.0 192.168.126.0 255.255.255.0 Then I created a tunnel-group with a FQDN an not an IP ( causse Mikrotik side are in ...
Hi had this exact same issue when trying to have a Mikrotik in DHCP do a site to site VPN to a Cisco ASA.The Phase2 is about the " IPsec Proposal " on the Mikrotik Side, so be sure the Auth end Encyption Algorithms checked in winbox are allowed on th...
