I am testing VPN tunnels in a lab. I have the following (simple) setup:
-one ASA5505 has an "inside" interface with address 18.104.22.168/24 and an "outside" interface with address 22.214.171.124/24
-one computer with address 126.96.36.199/24 ("Client") is connected to the "inside" interface
-one ASA5510 has an "inside" interface with address 188.8.131.52/24 and an "outside" interface with address 184.108.40.206/24
-one computer with address 220.127.116.11/24 ("Server") is connected to the "inside" interface
-both "outside" interfaces are connected through a layer 2 switch
I had a VPN tunnel between them using "Main mode", and that worked without a problem.
But in my target system, the ASA5505 will be connected to a router with a dynamic IP address, and so I need to use "Aggressive mode", where the ASA5510 will have a static address on the "outside" interface. The ASA5505 will therefore initiate the VPN session.
I am using the ASDM, by the way.
I have the VPN tunnel established, but I am unable to ping from either side.
When I ping the Server from the Client, the ASA5505 gives me the expected "Built/Teardown ICMP connection...", but the ASA5510 says "IKE Initiator unable to find policy: Intf inside, Src: 18.104.22.168, Dst: 22.214.171.124". So the ping makes it to the Server, but the reply can't find its way back out.
When I ping the client from the Server, I get the same message on the ASA5510: "IKE Initiator unable to find policy: Intfc inside, Src: 126.96.36.199, Dst: 188.8.131.52".
I attach the configuration on the ASA5510.
I checked similar posts, but the root problem seemed to be different.
Any help is welcome.