I set up site2site VPN from Mikrotik to Cisco ASA, and it is functioning, apart from that I can only establish the link when initiating traffic FROM the ASA side.
Example: every ping from MT side will time out, until I ping from ASA side, where the peer connection will be established, and both sides can ping each other.
(I can provide more info on configs on both ends - just using standard set up, the first howto listed when googling)
But, does anyone have any suggestion regarding something obvious I should try to find/fix the problem? Given that the link is working perfectly once it is established, I would guess that there could be issues with the initial negotiating traffic originating FROM the Mikrotik that is somehow blocked by a firewall rule or similar.
I am regularly maintaining IPSEC VPN tunnels from ASA to ASA, but this is the first time I am attempting this with a Mikrotik.
To connect an IPSEC tunnel from a Mikrotik to a Cisco ASA you’ll need to add the “level=unique” setting to your policy.
On a side note, I highly suggest you change your crypto and hashing to AES (higher the better) and SHA1 at a minimum.
/ip ipsec policy
add dst-address=172.16.0.0/21 sa-dst-address=<<<Wan IP at Cisco ASA>>> sa-src-address=<<Wan IP at Mikrotik>> src-address=192.168.110.0/24 tunnel=yes level=unique
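
An added example, not part of the original reply: a Python check that reads a RouterOS export and lists the tunnel policies that lack the level=unique setting mentioned above. The sample export, its addresses and the function names are constructed for illustration; it assumes the export omits default values, so a policy with no level shown is at the default (require).

```python
import shlex

# Constructed sample of a RouterOS export fragment (documentation-range WAN addresses).
SAMPLE_EXPORT = r"""
/ip ipsec policy
add dst-address=172.16.0.0/21 sa-dst-address=203.0.113.10 \
    sa-src-address=198.51.100.20 src-address=192.168.110.0/24 tunnel=yes
add dst-address=10.50.0.0/24 level=unique sa-dst-address=203.0.113.10 \
    sa-src-address=198.51.100.20 src-address=192.168.110.0/24 tunnel=yes
/ip firewall filter
add action=accept chain=input protocol=ipsec-esp
"""

def logical_lines(text):
    """Join lines ending in a backslash, the way an export wraps long commands."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        buf += line
        if buf:
            yield buf
        buf = ""

def policies_missing_unique(export_text):
    """Return (src, dst, level) for each tunnel policy whose level is not 'unique'."""
    findings, menu = [], None
    for line in logical_lines(export_text):
        if line.startswith("/"):
            menu = line  # remember which menu the following "add" lines belong to
            continue
        if menu != "/ip ipsec policy" or not line.startswith("add "):
            continue
        params = dict(tok.split("=", 1) for tok in shlex.split(line)[1:] if "=" in tok)
        # Assumption: defaults are omitted from the export, so no level means "require".
        level = params.get("level", "require")
        if params.get("tunnel") == "yes" and level != "unique":
            findings.append((params.get("src-address"), params.get("dst-address"), level))
    return findings

if __name__ == "__main__":
    for src, dst, level in policies_missing_unique(SAMPLE_EXPORT):
        print(f"policy {src} -> {dst}: level={level}, expected level=unique")
```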