I try to bring up the tunnel from the ASA by generating interesting traffic with the command packet-tracer input inside tcp 10.75.1.1 80 10.70.1.1 80, which according to this, is a valid way to bring up a tunnel.
However, the tunnel does not come up; It does not appear in the show crypto isakmp sa output.
There's an error I spot on your output that might be causing the issue.
%ASA-2-106016: Deny IP spoof from (10.75.1.1) to 10.70.1.1 on interface inside
Here is the explanation from Cisco about that error message:
This message is generated when a packet arrives at the security appliance interface that has a destination IP address of 0.0.0.0 and a destination MAC address of the security appliance interface. In addition, this message is generated when the security appliance discarded a packet with an invalid source address, which can include one of the following or some other invalid address:
Loopback network (127.0.0.0)
Broadcast (limited, net-directed, subnet-directed, and all-subnets-directed)
The destination host (land.c)
In order to further enhance spoof packet detection, use the icmp command to configure the security appliance to discard packets with source addresses belonging to the internal network. This is because the access-list command has been deprecated and is no longer guaranteed to work correctly.
Recommended Action: Determine if an external user is trying to compromise the protected network. Check for misconfigured clients.
I didn't check your configs but looking at the output from the packet-tracer it seems that the packet is being dropped by ACL. This is why your tunnel is not going up, because the trafic doesn't even reach the remote end. Try rechecking your ACLs including crypto ACL.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...