I know this issue has already been discussed, but I still have to ask…
I have read the threads on this forum and watched the video on youtube.com, but I could not get the tunnel fully working.
We have two networks:
Cisco - 1.1.1.1 (public address), 192.168.10.0/24 - internal network
MT - 2.2.2.2 (public address), 192.168.0.0/24 - internal network
From Cisco to MT everything works - ping, RDP and all other services are available - but
from MT to Cisco there is no connectivity, although if I run "tracert 192.168.10.101" (a real server) I do get the Windows host name back.
I cannot see any way to solve this issue right now.
Many thanks in advance for any answers.
MT config:
# Export header: RouterOS 5.24, taken jul/16/2013. The software-id is the
# device's licence identifier - NOTE(review): worth scrubbing from a public post.
# The curly quotes (“”) throughout this paste are a forum artefact; the real
# export uses plain double quotes ("").
jul/16/2013 16:59:43 by RouterOS 5.24
software id = L84P-BEEY
# LAN bridge; ether2-ether5 are added to it under /interface bridge port below.
/interface bridge
add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes
disabled=no forward-delay=15s l2mtu=1598 max-message-age=20s mtu=1500
name=bridge1 priority=0x8000 protocol-mode=none transmit-hold-count=6
/interface ethernet switch
set 0 mirror-source=none mirror-target=none name=switch1
# Default wireless security profile is open (mode=none, no WPA key). No
# /interface wireless section is exported, so presumably no radio is in use -
# verify on the device before relying on that.
/interface wireless security-profiles
set [ find default=yes ] authentication-types=“” eap-methods=passthrough
group-ciphers=aes-ccm group-key-update=5m interim-update=0s
management-protection=disabled management-protection-key=“” mode=none
name=default radius-eap-accounting=no radius-mac-accounting=no
radius-mac-authentication=no radius-mac-caching=disabled
radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username
static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=
none static-key-0=“” static-key-1=“” static-key-2=“” static-key-3=“”
static-sta-private-algo=none static-sta-private-key=“”
static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=
none tls-mode=no-certificates unicast-ciphers=aes-ccm wpa-pre-shared-key=
“” wpa2-pre-shared-key=“”
# DHCP server on the LAN bridge; address-pool=static-only means only
# configured static leases are handed out.
/ip dhcp-server
add address-pool=static-only authoritative=after-2sec-delay bootp-support=
static disabled=no interface=bridge1 lease-time=3d name=server1
# Hotspot profiles are factory defaults; no /ip hotspot instance is exported,
# so these appear to be unused.
/ip hotspot profile
set [ find default=yes ] dns-name=“” hotspot-address=0.0.0.0 html-directory=
hotspot http-cookie-lifetime=3d http-proxy=0.0.0.0:0 login-by=
cookie,http-chap name=default rate-limit=“” smtp-server=0.0.0.0
split-user-domain=no use-radius=no
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m name=default
shared-users=1 status-autorefresh=1m transparent-proxy=no
# Phase 2 (IPsec) proposal referenced by the tunnel policy: ESP AES-256 /
# SHA1, PFS with modp1536 (= Cisco "group 5"), 30 minute SA lifetime.
# pfs-group matches "set pfs group5" on the ASA side; the ASA transform-set
# "sample_ts" is not shown in the post, so cipher/hash agreement cannot be
# confirmed from here.
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1 disabled=no enc-algorithms=
aes-256 lifetime=30m name=default pfs-group=modp1536
# PPP profiles (defaults). Only relevant to the L2TP/PPTP/SSTP servers, all of
# which are disabled further down.
/ppp profile
set 0 change-tcp-mss=yes name=default only-one=default use-compression=
default use-encryption=default use-mpls=default use-vj-compression=
default
set 1 change-tcp-mss=yes name=default-encryption only-one=default
use-compression=default use-encryption=yes use-mpls=default
use-vj-compression=default
# Queue types: factory defaults.
/queue type
set 0 kind=pfifo name=default pfifo-limit=50
set 1 kind=pfifo name=ethernet-default pfifo-limit=50
set 2 kind=sfq name=wireless-default sfq-allot=1514 sfq-perturb=5
set 3 kind=red name=synchronous-default red-avg-packet=1000 red-burst=20
red-limit=60 red-max-threshold=50 red-min-threshold=10
set 4 kind=sfq name=hotspot-default sfq-allot=1514 sfq-perturb=5
set 5 kind=none name=only-hardware-queue
set 6 kind=mq-pfifo mq-pfifo-limit=50 name=multi-queue-ethernet-default
set 7 kind=pfifo name=default-small pfifo-limit=10
# BGP and OSPF instances are enabled (disabled=no) but no BGP peer or OSPF
# network section is exported, so presumably nothing is advertised or learned.
/routing bgp instance
set default as=65530 client-to-client-reflection=yes disabled=no
ignore-as-path-len=no name=default out-filter=“” redistribute-connected=
no redistribute-ospf=no redistribute-other-bgp=no redistribute-rip=no
redistribute-static=no router-id=0.0.0.0 routing-table=“”
/routing ospf instance
set [ find default=yes ] disabled=no distribute-default=never in-filter=
ospf-in metric-bgp=auto metric-connected=20 metric-default=1
metric-other-ospf=auto metric-rip=20 metric-static=20 name=default
out-filter=ospf-out redistribute-bgp=no redistribute-connected=no
redistribute-other-ospf=no redistribute-rip=no redistribute-static=no
router-id=0.0.0.0
/routing ospf area
set [ find default=yes ] area-id=0.0.0.0 disabled=no instance=default name=
backbone type=default
# Default "public" read community accepted from any source (0.0.0.0/0).
# SNMP itself is enabled=no under /snmp below, so this is inert for now; if it
# is ever enabled, restrict addresses= to the management LAN and rename the
# community first.
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0 authentication-password=“”
authentication-protocol=MD5 encryption-password=“” encryption-protocol=
DES name=public read-access=yes security=none write-access=no
# Logging targets: memory (100 lines), disk, echo (console), remote syslog
# (no remote host configured - remote-address not set, so "remote" is unused).
/system logging action
set 0 memory-lines=100 memory-stop-on-full=no name=memory target=memory
set 1 disk-file-count=2 disk-file-name=log disk-lines-per-file=100
disk-stop-on-full=no name=disk target=disk
set 2 name=echo remember=yes target=echo
set 3 bsd-syslog=no name=remote remote-port=514 src-address=0.0.0.0
syslog-facility=daemon syslog-severity=auto target=remote
# Built-in user groups with their default policy sets (quoted policy strings
# are wrapped by the forum, not by the export).
/user group
set read name=read policy=“local,telnet,ssh,reboot,read,test,winbox,password,w
eb,sniff,sensitive,api,!ftp,!write,!policy” skin=default
set write name=write policy=“local,telnet,ssh,reboot,read,write,test,winbox,pa
ssword,web,sniff,sensitive,api,!ftp,!policy” skin=default
set full name=full policy=“local,telnet,ssh,ftp,reboot,read,write,policy,test,
winbox,password,web,sniff,sensitive,api” skin=default
# LAN side: ether2-ether5 are bridge1 members. ether1-gateway is not bridged
# and carries the public address (see /ip address).
/interface bridge port
add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none
interface=ether2 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none
interface=ether3 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none
interface=ether4 path-cost=10 point-to-point=auto priority=0x80
add bridge=bridge1 disabled=no edge=auto external-fdb=auto horizon=none
interface=ether5 path-cost=10 point-to-point=auto priority=0x80
# use-ip-firewall=no: traffic switched between bridge ports (LAN to LAN) does
# not pass through /ip firewall; only routed traffic does.
/interface bridge settings
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=
no
/interface ethernet switch port
set 0 vlan-header=leave-as-is vlan-mode=fallback
set 1 vlan-header=leave-as-is vlan-mode=fallback
set 2 vlan-header=leave-as-is vlan-mode=fallback
set 3 vlan-header=leave-as-is vlan-mode=fallback
set 4 vlan-header=leave-as-is vlan-mode=fallback
# Remote-access VPN servers (L2TP, OpenVPN, PPTP, SSTP) are all enabled=no.
# Their default authentication lists include legacy options (pap, chap,
# mschap1, md5, blowfish128); trim those before enabling any of them.
/interface l2tp-server server
set authentication=pap,chap,mschap1,mschap2 default-profile=
default-encryption enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=
1460 mrru=disabled
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 default-profile=
default enabled=no keepalive-timeout=60 mac-address=FE:A5:B0:1C:23:BE
max-mtu=1500 mode=ip netmask=24 port=1194 require-client-certificate=no
/interface pptp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption
enabled=no keepalive-timeout=30 max-mru=1460 max-mtu=1460 mrru=disabled
/interface sstp-server server
set authentication=pap,chap,mschap1,mschap2 certificate=none default-profile=
default enabled=no keepalive-timeout=60 max-mru=1500 max-mtu=1500 mrru=
disabled port=443 verify-client-certificate=no
# Wireless alignment / sniffer / snooper tools: factory defaults, nothing
# enabled (streaming-enabled=no).
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=
00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300
frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name=“” memory-limit=10
multiple-channels=no only-headers=no receive-errors=no streaming-enabled=
no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
/ip accounting
set account-local-traffic=no enabled=no threshold=256
/ip accounting web-access
set accessible-via-web=no address=0.0.0.0/0
# Addressing: 192.168.0.1/24 on the LAN bridge, the public 2.2.2.2/28 on
# ether1-gateway (WAN). The /ip route default gateway below (87.251.187.113)
# is not inside 2.2.2.112/28 - presumably the 2.2.2.x addresses were
# sanitised for the post and the gateway was not; NOTE(review): scrub it too.
/ip address
add address=192.168.0.1/24 disabled=no interface=bridge1 network=192.168.0.0
add address=2.2.2.2/28 disabled=no interface=ether1-gateway network=
2.2.2.112
/ip dhcp-server config
set store-leases-disk=5m
# DHCP clients are given 8.8.8.8 directly as their DNS server, so LAN hosts do
# not depend on this router's resolver.
/ip dhcp-server network
add address=192.168.0.1/32 dhcp-option=“” dns-server=8.8.8.8 gateway=
192.168.0.1 netmask=24 ntp-server=“” wins-server=“”
# allow-remote-requests=yes makes the router answer DNS queries on every
# interface, including the public address on ether1-gateway. No
# /ip firewall filter section appears in this export (empty sections are
# omitted), so presumably nothing blocks UDP/TCP 53 from the Internet - that
# is an open-resolver exposure (amplification abuse, cache consumption). Add a
# filter rule dropping dst-port=53 with in-interface=ether1-gateway, or set
# allow-remote-requests=no since DHCP already hands out 8.8.8.8.
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB
max-udp-packet-size=4096 servers=8.8.8.8
# Connection-tracking timeouts: factory defaults (tcp-syncookie=no).
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s
tcp-close-wait-timeout=10s tcp-established-timeout=1d
tcp-fin-wait-timeout=10s tcp-last-ack-timeout=10s
tcp-syn-received-timeout=5s tcp-syn-sent-timeout=5s tcp-syncookie=no
tcp-time-wait-timeout=10s udp-stream-timeout=3m udp-timeout=10s
# srcnat: an "accept" in this chain stops NAT processing, so LAN-to-LAN
# traffic is left un-NATed and still matches the IPsec policy selector
# (192.168.0.0/24 -> 192.168.10.0/24). Rule order matters - both accept rules
# must stay above the masquerade rule.
/ip firewall nat
add action=accept chain=srcnat disabled=no dst-address=192.168.10.0/24
src-address=192.168.0.0/24
# Reverse-direction exemption. The masquerade rule below only matches
# src-address=192.168.0.0/24, so packets sourced from 192.168.10.0/24 would not
# be NATed anyway; this rule is effectively redundant but harmless.
add action=accept chain=srcnat disabled=no dst-address=192.168.0.0/24
src-address=192.168.10.0/24
# Masquerade everything else from the LAN leaving via the WAN port.
add action=masquerade chain=srcnat comment=“default configuration” disabled=
no out-interface=ether1-gateway src-address=192.168.0.0/24
# Connection-tracking helpers (ALGs): factory defaults, all enabled.
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061 sip-direct-media=yes
set pptp disabled=no
/ip hotspot service-port
set ftp disabled=no ports=21
# Phase 1 (IKEv1, main mode) peer: the ASA at 1.1.1.1, pre-shared key.
# - dh-group=modp1536 is Cisco "group 5"; enc aes-256 / hash sha1 / lifetime 1d
#   must match an isakmp policy on the ASA, which is not in the posted excerpt.
# - secret=cisco: RouterOS 5 exports the PSK in clear text and it has now been
#   posted publicly - rotate it on both ends and use a long random key.
# - nat-traversal=no is only correct because 2.2.2.2 is configured directly on
#   ether1-gateway (no NAT device in front of this router).
# - DPD every 2m, 5 failures before the SA is torn down.
/ip ipsec peer
add address=1.1.1.1/32 auth-method=pre-shared-key dh-group=modp1536
disabled=no dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=aes-256
exchange-mode=main generate-policy=no hash-algorithm=sha1 lifebytes=0
lifetime=1d my-id-user-fqdn=“” nat-traversal=no port=500 proposal-check=
obey secret=cisco send-initial-contact=yes
# Reverse-direction policy (192.168.10.0/24 -> 192.168.0.0/24, SA from
# 1.1.1.1 to 2.2.2.2). A RouterOS tunnel policy covers both directions, so
# this entry is not needed; leaving it disabled=yes is correct - enabling it
# would add a second, conflicting policy for the same traffic.
/ip ipsec policy
add action=encrypt disabled=yes dst-address=192.168.0.0/24 dst-port=any
ipsec-protocols=esp level=unique priority=0 proposal=default protocol=all
sa-dst-address=2.2.2.2 sa-src-address=1.1.1.1 src-address=
192.168.10.0/24 src-port=any tunnel=yes
# Active tunnel policy: local 192.168.0.0/24 <-> remote 192.168.10.0/24 via
# SA 2.2.2.2 -> 1.1.1.1, ESP, proposal "default" (AES-256/SHA1, PFS modp1536).
# This is the mirror image of the ASA's stm_ekb_acl.
add action=encrypt disabled=no dst-address=192.168.10.0/24 dst-port=any
ipsec-protocols=esp level=unique priority=0 proposal=default protocol=all
sa-dst-address=1.1.1.1 sa-src-address=2.2.2.2 src-address=
192.168.0.0/24 src-port=any tunnel=yes
# Neighbor discovery (MNDP/CDP) is enabled on ether1-gateway too, so the
# router announces its identity and software version onto the upstream L2
# segment; it is normally disabled on the WAN port.
/ip neighbor discovery
set ether1-gateway disabled=no
set ether2 disabled=no
set ether3 disabled=no
set ether4 disabled=no
set ether5 disabled=no
set bridge1 disabled=no
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4
cache-on-disk=no enabled=no max-cache-size=unlimited
max-client-connections=600 max-fresh-time=3d max-server-connections=600
parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=
no src-address=0.0.0.0
# Default route. 87.251.187.113 is not within the 2.2.2.112/28 configured on
# ether1-gateway, which suggests the 2.2.2.x addresses in this post are
# sanitised while this one is real - NOTE(review): scrub before re-posting.
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=87.251.187.113
scope=30 target-scope=10
# Management services: telnet, ftp, www, ssh and winbox are enabled with
# address=“” (no source restriction). With no exported filter rules they are
# reachable on the public address. Set address=192.168.0.0/24 on each, and
# disable telnet and ftp (clear-text credentials) unless they are needed.
# api and www-ssl are disabled.
/ip service
set telnet address=“” disabled=no port=23
set ftp address=“” disabled=no port=21
set www address=“” disabled=no port=80
set ssh address=“” disabled=no port=22
set www-ssl address=“” certificate=none disabled=yes port=443
set api address=“” disabled=yes port=8728
set winbox address=“” disabled=no port=8291
# SMB, SOCKS, traffic-flow and UPnP are all enabled=no.
/ip smb
set allow-guests=yes comment=MikrotikSMB domain=MSHOME enabled=no interfaces=
all
/ip smb shares
set [ find default=yes ] comment=“default share” directory=/pub disabled=no
max-sessions=10 name=pub
/ip smb users
set [ find default=yes ] disabled=no name=guest password=“” read-only=yes
/ip socks
set connection-idle-timeout=2m enabled=no max-connections=200 port=1080
/ip traffic-flow
set active-flow-timeout=30m cache-entries=4k enabled=no
inactive-flow-timeout=15s interfaces=all
/ip upnp
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes
# MPLS/LDP: defaults, LDP enabled=no.
/mpls
set dynamic-label-range=16-1048575 propagate-ttl=yes
/mpls interface
set [ find default=yes ] disabled=no interface=all mpls-mtu=1508
/mpls ldp
set distribute-for-default-route=no enabled=no hop-limit=255 loop-detect=no
lsr-id=0.0.0.0 path-vector-limit=255 transport-address=0.0.0.0
use-explicit-null=no
/port firmware
set directory=firmware ignore-directip-modem=no
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
# Hardware-only queues on all physical ports.
/queue interface
set ether1-gateway queue=only-hardware-queue
set ether2 queue=only-hardware-queue
set ether3 queue=only-hardware-queue
set ether4 queue=only-hardware-queue
set ether5 queue=only-hardware-queue
# Incoming RADIUS (CoA/disconnect) requests are not accepted.
/radius incoming
set accept=no port=3799
/routing bfd interface
set [ find default=yes ] disabled=no interface=all interval=0.2s min-rx=0.2s
multiplier=5
/routing mme
set bidirectional-timeout=2 gateway-class=none gateway-keepalive=1m
gateway-selection=no-gateway origination-interval=5s preferred-gateway=
0.0.0.0 timeout=1m ttl=50
/routing rip
set distribute-default=never garbage-timer=2m metric-bgp=1 metric-connected=1
metric-default=1 metric-ospf=1 metric-static=1 redistribute-bgp=no
redistribute-connected=no redistribute-ospf=no redistribute-static=no
routing-table=main timeout-timer=3m update-timer=30s
# SNMP agent disabled; see the "public" community under /snmp community above.
/snmp
set contact=“” enabled=no engine-id=“” location=“” trap-generators=“”
trap-target=“” trap-version=1
/system clock
set time-zone-name=Asia/Yekaterinburg
/system clock manual
set dst-delta=+00:00 dst-end=“jan/01/1970 00:00:00” dst-start=
“jan/01/1970 00:00:00” time-zone=+00:00
/system identity
set name=MikroTik
# Logging: info/error/warning to memory, critical echoed to the console, and
# the "ipsec" topic added to memory - /log print where topics~"ipsec" is the
# first place to look for phase 1/2 negotiation errors when diagnosing the
# one-way problem described in the post.
/system logging
set 0 action=memory disabled=no prefix=“” topics=info
set 1 action=memory disabled=no prefix=“” topics=error
set 2 action=memory disabled=no prefix=“” topics=warning
set 3 action=echo disabled=no prefix=“” topics=critical
add action=memory disabled=no prefix=“” topics=ipsec
/system note
set note=“” show-at-login=yes
# NTP client is in mode=broadcast while a unicast primary-ntp is configured;
# NOTE(review): check that the clock actually syncs, otherwise log timestamps
# from both ends of the tunnel will not line up.
/system ntp client
set enabled=yes mode=broadcast primary-ntp=91.226.136.136 secondary-ntp=
0.0.0.0
/system resource irq
set 0 cpu=auto
set 1 cpu=auto
set 2 cpu=auto
/system routerboard settings
set boot-device=nand-if-fail-then-ethernet boot-protocol=bootp cpu-frequency=
400MHz force-backup-booter=no silent-boot=no
/system upgrade mirror
set check-interval=1d enabled=no primary-server=0.0.0.0 secondary-server=
0.0.0.0 user=“”
/system watchdog
set auto-send-supout=no automatic-supout=yes no-ping-delay=5m watch-address=
none watchdog-timer=yes
# Bandwidth-test server is enabled and listens on every interface, including
# the WAN port. authenticate=yes requires router credentials, but it still
# answers probes from the Internet; disable it when not in use.
/tool bandwidth-server
set allocate-udp-ports-from=2000 authenticate=yes enabled=yes max-sessions=
100
/tool e-mail
set address=0.0.0.0 from=<> password=“” port=25 starttls=no user=“”
/tool graphing
set page-refresh=300 store-every=5min
# MAC-telnet, MAC-winbox and MAC-ping on interface=all include ether1-gateway,
# so layer-2 management is reachable from the upstream segment; restrict them
# to bridge1 (interface=bridge1) so only the LAN can use them.
/tool mac-server
set [ find default=yes ] disabled=no interface=all
/tool mac-server mac-winbox
set [ find default=yes ] disabled=no interface=all
/tool mac-server ping
set enabled=yes
/tool sms
set allowed-number=“” channel=0 keep-max-sms=0 receive-enabled=no secret=“”
/tool sniffer
set file-limit=1000KiB file-name=“” filter-ip-address=“” filter-ip-protocol=
“” filter-mac-address=“” filter-mac-protocol=“” filter-port=“”
filter-stream=yes interface=all memory-limit=100KiB memory-scroll=yes
only-headers=no streaming-enabled=no streaming-server=0.0.0.0
/tool traffic-generator
set latency-distribution-scale=10 test-id=0
# Local user authentication only; new users default to the read-only group.
/user aaa
set accounting=yes default-group=read exclude-groups=“” interim-update=0s
use-radius=no
Cisco config:
! Excerpt of the ASA running-config. The pieces that decide whether the tunnel
! to 2.2.2.2 comes up - "crypto ikev1 enable <interface>", the "crypto ikev1
! policy", the "crypto ipsec ikev1 transform-set sample_ts" definition, the
! "tunnel-group 2.2.2.2" block holding the pre-shared key, the 8.4-style NAT
! exemption ("nat (inside,internet) source static ...") and "sysopt connection
! permit-vpn" - are not included here, so the one-way failure described in
! the post cannot be diagnosed from what is shown.
ASA Version 8.4(2)
!
hostname ciscoasa
! 2KFQnbNIdI.2KYOU is the well-known hash of an empty password, i.e. the
! factory default for both the enable and the telnet (passwd) password. Set a
! real enable password, and scrub credential hashes before posting a config.
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
! Two security-level 0 interfaces: "outside" with a private /29 and
! "internet" with the public 1.1.1.1/25. Which one the ASA uses to reach the
! MikroTik at 2.2.2.2 depends on the routing table, which is not shown.
interface Ethernet0/0
nameif outside
security-level 0
ip address 192.168.101.158 255.255.255.248
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.10.1 255.255.255.0
!
interface Ethernet0/2
nameif internet
security-level 0
ip address 1.1.1.1 255.255.255.128
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
boot system disk0:/asa842-k8.bin
ftp mode passive
dns domain-lookup internet
dns server-group DefaultDNS
name-server 8.8.8.8
! Crypto ACLs define "interesting" traffic local -> remote; the ASA mirrors
! them for the inbound direction. stm_ekb_acl (192.168.10.0/24 ->
! 192.168.0.0/24) is the mirror image of the active MikroTik policy.
access-list stm_acl extended permit ip 192.168.10.0 255.255.255.0 192.168.88.0 255.255.255.0
access-list conel_acl extended permit ip 192.168.10.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list stm_ekb_acl extended permit ip 192.168.10.0 255.255.255.0 192.168.0.0 255.255.255.0
! Three site-to-site entries share one crypto map and one transform-set.
crypto map crypto_ipsec 1 match address stm_acl
crypto map crypto_ipsec 1 set pfs group5
crypto map crypto_ipsec 1 set peer 172.16.31.7
crypto map crypto_ipsec 1 set ikev1 transform-set sample_ts
crypto map crypto_ipsec 2 match address conel_acl
crypto map crypto_ipsec 2 set pfs group5
crypto map crypto_ipsec 2 set peer 172.16.31.4
crypto map crypto_ipsec 2 set ikev1 transform-set sample_ts
! Entry 3 is the MikroTik tunnel: pfs group5 matches pfs-group=modp1536 on
! the MikroTik proposal; whether sample_ts matches its AES-256/SHA1 cannot be
! checked from this excerpt.
crypto map crypto_ipsec 3 match address stm_ekb_acl
crypto map crypto_ipsec 3 set pfs group5
crypto map crypto_ipsec 3 set peer 2.2.2.2
crypto map crypto_ipsec 3 set ikev1 transform-set sample_ts
! The map is bound to both level-0 interfaces, so IKE for all three peers is
! accepted on either of them.
crypto map crypto_ipsec interface outside
crypto map crypto_ipsec interface internet
Cryptochecksum:340dcb8a6583590f13e5ad5f9a25410c
: end