I have configured an IPsec VPN between a CCR1009 and a Cisco ASA 5510 firewall from a client, which has configured it.
Basically it's 3 tunnels pointing 3 hosts on my side to 5 networks on the client side.
The tunnels are established on both the MikroTik and the Cisco ASA, but the traffic does not reach the remote networks.
The most curious thing is that even though the tunnel is established and the SAs are installed, no traffic passes through all the tunnels. That is, when the VPN is established, I can only reach one of the client's remote networks from one of the local hosts, specifically only the IP of the LAN network gateway, and likewise from that same remote network (IP of the remote gateway) to the same local host. However, two things happen:
* The other 4 tunnels, although they are established, do not pass any traffic. Not even the remote LAN IP of the Cisco ASA.
* If the tunnels are restarted, the tunnel that was working stops doing so and one of the other 4 tunnels remains active, which previously did not pass traffic.
We have reviewed the configuration of both sides and we do not see anything strange, since with the same client I have other VPNs from another of its branches with another Cisco ASA 5510 working without problem, and that VPN reaches the same hosts; the only thing that changes is the remote customer networks.