Hello!
We have the problems with IPsec between RB1200 (ROS 5.7, 5.
and Cisco ASA 5500
periodically, it stops working - the IPsec SA itself is up, but packets do not return from the mikrotik to the IPsec tunnel
from Cisco we can see the encaps, but no decaps
sometimes it is enough just to initiate the ipsec traffic from the mikrotik and the tunnel comes up
sometimes it is nedeed to do /ip ipsec installed-sa flush sa-type=all
the following methods doesn’t solve the problem:
- the permanent ping from mikrotik to the other side of the tunnel
- disable/enable the policy in the /ip ipsec policy
- remove/add policy in /ip ipsec policy также не помогает
- disable/enable nat rule in /ip firewall nat
what can be the problem?