
Wed Oct 06, 2021 3:35 am

Hi everyone!
I have configured an IPsec VPN between a CCR1009 and a Cisco ASA 5510 firewall belonging to a client, who has configured it.
Basically it's 3 tunnels pointing 3 hosts on my side to 5 networks on the client side.
The tunnels are established on both the MikroTik and the Cisco ASA, but the traffic does not reach the remote networks.
The most curious thing is that even though the tunnel is established and the SAs are installed, no traffic passes through all the tunnels. That is, when the VPN is established, I can only reach from one of the local hosts to one of the client's remote networks, specifically the IP of the LAN network gateway only, and also from that same remote network (IP of the remote gateway) to the same local host. However, two things happen:
* The other 4 tunnels, although they are established, do not pass any traffic. Not even the remote LAN IP of the Cisco ASA.
* If the tunnels are restarted, the tunnel that was working stops doing so and one of the other 4 tunnels, which previously did not pass traffic, remains active.

We have reviewed the configuration on both sides and we do not see anything strange, since with the same client I have other VPNs from another of its branches with another Cisco ASA 5510 working without problems, and that VPN reaches the same hosts; the only thing that changes is the remote customer networks.
Configuration screenshots:
installed SAs.png
src address list.png
dst address list.png
src nat.png