Hello,

I'm currently meet  an issue with a VPN IKEv2. Actually I have 2 local subnets (10.10.0.0/16 & 192.168.90.0/24) that want to reach a remote subnet (10.20.0.0/16). Here my access-list:

access-list ACL_REMOTE line 1 extended permit ip 10.10.0.0 255.255.0.0 10.20.0.0 255.255.0.0

access-list ACL_REMOTE line 2 extended permit ip 192.168.90.0 255.255.255.0 10.20.0.0 255.255.0.0

VPN is established correctly but I have only inbound traffic.

access-list ACL_REMOTE extended permit ip 192.168.90.0 255.255.255.0 10.20.0.0 255.255.0.0
local ident (addr/mask/prot/port): (192.168.90.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.20.0.0/255.255.0.0/0/0)
current_peer: --

#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 12163, #pkts decrypt: 12163, #pkts verify: 12163
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#TFC rcvd: 0, #TFC sent: 0
#Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0

When I run a packet tracer, this stops on step 9.

#packet-tracer input inside-2 tcp 192.168.90.10 6568 10.20.0.10 www

....

Phase: 9
Type: VPN
Subtype: encrypt
Result: DROP
Config:
Additional Information:

Result:
input-interface: inside-2
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

ACL that defines the ‘interesting traffic’ for the VPN is identical on both end and VPNs that are configured on the same firewall works perfectly.  Has anybody any idea what is happen ? 

P.S.: my version of firewall is 9.5(2).