Refer to the exhibit. Traffic is not passing through IPsec site-to-site VPN on the Firepower Threat Defense appliance. What is causing this issue?
A. Site-to-site VPN preshared keys are mismatched.
B. Site-to-site VPN peers are using different encryption algorithms.
C. No split-tunnel policy is defined on the Firepower Threat Defense appliance.
D. The access control policy is not allowing VPN traffic in.
D is the more relevant answer.
A – Cannot be true since the tunnel is established, as we can see pkts decrypted and pkts encrypted -> zero.
B – Same as above: the tunnel is up, so Phase 1 and Phase 2 are both up and interesting traffic is passing.
C – Split tunneling works for remote access VPNs. It defines what traffic, when a user connects to a remote access VPN server, should go inside the VPN and what traffic should go out via the local home router.
D – Since there are no encapsulations happening (encaps: 0 bytes…), it evidently shows a problem with the access list.
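The counter reasoning above can be turned into a small triage script. This is an added example, not part of the original question or exhibit: the sample text is constructed in the layout of `show crypto ipsec sa` output, and the crypto map name, addresses and counter values are assumptions.

```python
import re

# Constructed sample; peer and local addresses are documentation ranges.
SAMPLE = """\
    Crypto map tag: CSM_outside_map, seq num: 1, local addr: 192.0.2.1
      current_peer: 198.51.100.7
      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 17, #pkts decrypt: 17, #pkts verify: 17
    Crypto map tag: CSM_outside_map, seq num: 2, local addr: 192.0.2.1
      current_peer: 203.0.113.9
      #pkts encaps: 240, #pkts encrypt: 240, #pkts digest: 240
      #pkts decaps: 238, #pkts decrypt: 238, #pkts verify: 238
"""

PEER = re.compile(r"current_peer:\s*(\S+)")
COUNTER = re.compile(r"#pkts (encaps|decaps):\s*(\d+)")

def parse_sas(text):
    """Return one dict per SA with its peer and encaps/decaps counters."""
    sas, current = [], None
    for line in text.splitlines():
        m = PEER.search(line)
        if m:  # a current_peer line starts a new SA record
            current = {"peer": m.group(1).rstrip(","), "encaps": None, "decaps": None}
            sas.append(current)
            continue
        if current is not None:
            for name, value in COUNTER.findall(line):
                current[name] = int(value)
    return sas

def diagnose(sa):
    """Map the counter pattern to where to look next."""
    enc, dec = sa["encaps"], sa["decaps"]
    if enc is None or dec is None:
        return "counters missing from output"
    if enc == 0 and dec == 0:
        return "SA up, no traffic in either direction"
    if enc == 0:  # the pattern used to justify answer D
        return "SA up, local side not encapsulating: check local policy (option D)"
    if dec == 0:
        return "SA up, nothing received: check the remote side or return path"
    return "traffic passing in both directions"

def triage(text):
    sas = parse_sas(text)
    if not sas:  # no SA at all points at negotiation, i.e. options A and B
        return {"<none>": "no IPsec SA: check IKE keys and proposals"}
    return {sa["peer"]: diagnose(sa) for sa in sas}
```

Calling `triage(SAMPLE)` returns a verdict per peer; an established SA rules out key and proposal mismatches, so a zero encaps count sends the investigation to local policy.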