Cisco ASA 5505 和 Juniper ssg5 之间的 ipsec 问题

我正在尝试在我们的 ASA 5505 和 Juniper ssg5 之间设置 ipsec 隧道。隧道已启动并运行，但我无法通过它获取任何数据。

我所在的本地网络是 172.16.1.0，远程网络是 192.168.70.0。但我无法 ping 通他们网络上的任何内容。设置 ipsec 时，我收到“第 2 阶段 OK”消息。

我认为这是配置中适用的部分。数据似乎没有通过隧道路由，但我不确定……

object network our-network
 subnet 172.16.1.0 255.255.255.0
object network their-network
 subnet 192.168.70.0 255.255.255.0
access-list outside_cryptomap extended permit ip object our-network object their-network 
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set pfs 
crypto map outside_map 1 set peer THEIR_IP
crypto map outside_map 1 set ikev1 phase1-mode aggressive 
crypto map outside_map 1 set ikev1 transform-set ESP-3DES-MD5
crypto map outside_map 1 set ikev2 pre-shared-key *****
crypto map outside_map 1 set reverse-route
crypto map outside_map interface outside

webvpn
group-policy GroupPolicy_THEIR_IP internal
group-policy GroupPolicy_THEIR_IP attributes
 vpn-filter value outside_cryptomap
 ipv6-vpn-filter none
 vpn-tunnel-protocol ikev1 
tunnel-group THEIR_IP type ipsec-l2l
tunnel-group THEIR_IP general-attributes
 default-group-policy GroupPolicy_THEIR_IP
tunnel-group THEIR_IP ipsec-attributes
 ikev1 pre-shared-key *****
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication crack
 encryption aes-256
 hash sha
 group 2
 lifetime 86400

这是数据包跟踪器的输出。我使用我的 IP 作为源，他们的防火墙作为目标，并在 OUR 接口上使用协议 0 的 IP

ROUTE-LOOKUP
Type -ROUTE-LOOKUP Action -ALLOW
Info
in 0.0.0.0 0.0.0.0 outsied
IT-OPTIONS
Type -IP-OPtions Action -ALLOW
NAT
Tyope -NAT Action -DROP Show rule in NAT Rules table.
Config
object network obj_any
nat (any,outside) dynamic interface
RESULT - The packet is dropped
Input Interface: OUR
Output  Interface:outside
Info: (acl-drop) Flow is denied by configured rule