I am trying to set up a new IPSEC VPN connection between a Cisco ASA 5520 (version 8.4(4)) and a Checkpoint firewall. I have successfully established the IKE and IPSEC phases and I can see the tunnel is UP. But I can't see any traffic going through the tunnel. I have verified the crypto map on both ends and am trying to test using a continuous ping from the inside network of the ASA.
I have done a capture for ICMP packets but cannot see them on the ASA. I have allowed ICMP on the inside interface of the ASA.
I have done a packet tracer and it ends with vpn-filter dropping packets, but I cannot see any filter configured.
Your help is much appreciated.
You will probably need to add the negate NAT statements, something like:
object-group network OBJ-LOCAL
 network-object 10.155.176.0 255.255.255.0
object-group network OBJ-REMOTE
 network-object 192.168.101.0 255.255.255.0
nat (inside,outside) source static OBJ-LOCAL OBJ-LOCAL destination static OBJ-REMOTE OBJ-REMOTE no-proxy-arp
As you are running 8.4, the nat 0 has been deprecated.
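An offline check for the identity NAT rule suggested in the answer above, as an added example that is not part of the original thread: it parses a saved running-config and reports whether a given inside-to-remote flow is covered by a twice-NAT rule that leaves both addresses unchanged. The sample config is constructed from the addresses in the post; the `INSIDE-PAT` object and the function names are assumptions, and the check ignores rule order, interface names and `network-object host` entries.

```python
import ipaddress
import re

# Constructed sample config: subnets from the post, INSIDE-PAT is an assumed PAT rule.
SAMPLE_CONFIG = """\
object-group network OBJ-LOCAL
 network-object 10.155.176.0 255.255.255.0
object-group network OBJ-REMOTE
 network-object 192.168.101.0 255.255.255.0
object network INSIDE-PAT
 subnet 10.155.176.0 255.255.255.0
 nat (inside,outside) dynamic interface
nat (inside,outside) source static OBJ-LOCAL OBJ-LOCAL destination static OBJ-REMOTE OBJ-REMOTE no-proxy-arp
"""

# Top-level (manual) twice-NAT rules in the 8.3+ syntax.
NAT_RE = re.compile(
    r"^nat \((\S+),(\S+)\) source static (\S+) (\S+) destination static (\S+) (\S+)",
    re.M)

def parse_groups(config):
    """Map each network object-group name to the subnets it lists."""
    groups, current = {}, None
    for line in config.splitlines():
        if line.startswith("object-group network "):
            current = groups.setdefault(line.split()[2], [])
        elif not line.startswith(" "):
            current = None  # any other top-level command ends the group
        elif current is not None:
            m = re.match(r"\s+network-object (\d\S+) (\d\S+)$", line)
            if m:
                current.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"))
    return groups

def is_exempt(config, src_ip, dst_ip):
    """True if an identity twice-NAT rule covers the flow src_ip -> dst_ip."""
    groups = parse_groups(config)
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for _, _, real_s, mapped_s, real_d, mapped_d in NAT_RE.findall(config):
        if real_s != mapped_s or real_d != mapped_d:
            continue  # addresses are translated, so this is not an exemption
        if any(src in n for n in groups.get(real_s, [])) and \
           any(dst in n for n in groups.get(real_d, [])):
            return True
    return False

if __name__ == "__main__":
    print(is_exempt(SAMPLE_CONFIG, "10.155.176.10", "192.168.101.20"))
```

A `False` result for a flow that should use the tunnel means the traffic would hit the PAT rule instead and no longer match the crypto map's interesting-traffic definition.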