Everything works as far as the VPN goes: we can resolve DNS, ping both ways, etc. The problem is that about once a week, I get a call from the remote site (Mikrotik) saying they can’t communicate with the headquarters office (Cisco ASA 5505). After re-establishing the VPN about 4 weeks in a row, I have finally come up with what is re-establishing the tunnel and getting it working again. Since I am usually just trying to diagnose where my issue is, I usually run a ping from both ways and magically it started working. Well, today I finally decided to do my usual steps again, but one at a time, and see what step actually fixed it. What is fixing it is running a ping from the headquarters to a device on the remote site. It pings successfully, and then all of a sudden the remote site can ping the headquarters, resolve DNS, and everything works.
I think the issue is that the Cisco ASA is not allowing the Mikrotik to establish the tunnel. I’m not extremely familiar with Cisco ASAs, so I’m not sure where to look, but I guess I am looking for the equivalent of the Mikrotik option for “Send Initial Contact”. I want the remote site to establish the tunnel, not the other way around, because our servers are located at the headquarters office.
Any ideas?