PAN to Cisco ASA

Phase 1
IKEv1 only
Exchange mode = auto
IKE crypto = aes256cbc, SHA1, DH group2

Phase 2
Type = Autokey
Proxy IDs are set.
Near: 192.168.74.0/24, Far: 172.29.17.128/25
Near: 192.168.75.0/24, Far: 172.29.17.128/25
Near: 192.168.76.0/24, Far: 172.29.17.128/25
IPSEC crypto = ESP, aes256cbc, SHA, DH group2

Tied to tunnel.1, trust zone, route set to reach 172.29.17.128/25
Policy set to allow
NAT rule in place to exempt NAT for this specific source and destination (otherwise it hits the bottom-most source NAT dynamic ip and port for internet access for the near side networks)

All the IKE/IPSEC stuff and policy is fine because ping gets there. I can disable the tunnel and ping stops. And monitor shows my policy I designed for this being hit with the icmp. But can't get any L4 traffic over there. Show session shows nothing also.

Need anything else?