martking
just joined
Topic Author
Posts: 18
Joined: Mon Apr 03, 2017 8:54 pm

Mikrotik to Cisco IPSEC

Mon Apr 03, 2017 9:08 pm

Hi All,

I have an issue. We have 4 sites; the tunnels come up between the two main offices and two branch offices without a problem, but one of our main offices can't ping anything on the two remote offices and vice versa. We have checked our policies and they are correct; the policies are identical except for IP ranges. Has anyone experienced this sort of problem before? If so, I'd appreciate any info you have.

Regards Martin
 
idlemind
Forum Guru
Posts: 1146
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: Mikrotik to Cisco IPSEC

Mon Apr 03, 2017 11:12 pm

Cisco router or ASA? If it's an ASA have you allowed ICMP?

For the MikroTik side check firewall rules. If you are doing a policy based VPN I think you also need to tag the packets in the firewall for masquerade based on src-address. I'm bad at policy based VPNs and by and large prefer routed approaches. GRE + IPSec is the way to go for me. I did see an interesting approach using L2TP + IPSec w/BGP as the dynamic protocol.
 
martking
just joined
Topic Author
Posts: 18
Joined: Mon Apr 03, 2017 8:54 pm

Re: Mikrotik to Cisco IPSEC

Tue Apr 04, 2017 10:43 am

Hi, thanks for your reply,

Ping is enabled on both Cisco ASA routers. Unfortunately I don't have control over the Cisco ends, and I am sure that my policies and firewall rules, including the SRC NAT, are all set up correctly. Are there any more commands I can run to see what exactly is going on? I've been looking in the logs and playing with torch, but I can only see the IPsec connection to the remote sites, not the data.

I'm sure I don't have a rules problem, as I disabled all drop rules in the firewall and it's still the same.