cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
325
Views
0
Helpful
2
Replies

asa site-to-site traffic not passing

kh.farhad
Level 1
Level 1

hi,

I'm trying to pass traffic between asa 5515-x 9.6 and cisco 2801 12.3(8r)T8 through site to site tunnel ike.v1. Tunnel is up as I can see in asdm or results of sh crypto isakmp sa and sh crypto ipsec sa. Routing is ok nat exemption is done, but I don't know why traffic is not passing and I cant ping local networks behind these devices. I even checked the packet tracer and the final result is packet is allowed. What else should I check?

2 Replies 2

Aditya Ganjoo
Cisco Employee
Cisco Employee

Hi,

Please share the output of sh cry ipsec sa

Also is ICMP inspection enabled on the ASA ?

If not use fixup protocol icmp on ASA and check.

Regards,

Aditya

sorry for the late response. I solved the problem but I have another issue which is site-to-site problem between asa 5515-x and mikrotik I have configured everything correctly but I just see the log in asa that no proposal is chosen between two. I made the tunnel up and running with cisco 1800. mikrotik uses pppoe with a public IP address, I cant see where the problem is.