I'm having a little problem getting a site-to-site VPN tunnel working between an 1800 IOS router and a 5520 ASA. The tunnel negotiates and comes up OK; however, the clients at each end are unable to communicate.
Site A shows that it is receiving and transmitting IPsec encrypted packets across the tunnel; however, site B shows that it is only sending encrypted packets and not receiving or decrypting packets. I've checked the routing time and time again but can't see anything wrong. Perhaps someone could cast an eye over the configs below and perhaps spot something obvious that I've missed?
Thanks for any assistance.
(I should mention I don't want to NAT any of these addresses. The sites are part of an internal private network, hence the use of private network 10 subnets, and each client's IP address is routable on this network.)
Site B Router Config:
crypto isakmp policy 11
crypto isakmp key somekey address 10.177.8.37
crypto ipsec transform-set vpntset esp-3des esp-md5-hmac
crypto map N3VPNACCESS 11 ipsec-isakmp
 set peer 10.177.8.37
 set transform-set vpntset
 match address 120
ip address 10.217.63.130 255.255.255.224
crypto map N3VPNACCESS
ip address 10.217.63.190 255.255.255.224
ip route 0.0.0.0 0.0.0.0 10.217.63.129
ip route 10.177.8.37 255.255.255.255 10.217.63.129
ip route 10.177.29.0 255.255.255.0 10.177.8.37
access-list 120 permit ip 10.217.63.160 0.0.0.31 10.177.29.0 0.0.0.255
Site A ASA Config:
access-list NONAT extended permit ip 10.177.29.0 255.255.255.0 10.217.63.160 255.255.255.224
access-list SOME-SITE extended permit ip 10.177.29.0 255.255.255.0 10.217.63.160 255.255.255.224
crypto map N3VPNACCESS 24 match address SOME-SITE
crypto map N3VPNACCESS 24 set peer 10.217.63.130
crypto map N3VPNACCESS 24 set transform-set ESP-3DES-MD5
tunnel-group 10.191.63.4 type ipsec-l2l
tunnel-group 10.191.63.4 general-attributes
tunnel-group 10.191.63.4 ipsec-attributes
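
An added example, not part of the original post: a Python cross-check of the two posted fragments for the things that must agree on both ends of a pre-shared-key LAN-to-LAN tunnel (mirrored crypto ACLs, the ASA peer being an address the router owns, and an ASA tunnel-group named after that peer). The function names are assumptions made for this example, and the embedded strings are lines copied from the configs above.

```python
import ipaddress, re

# Lines copied from the two configs in the post above.
ROUTER = """\
crypto map N3VPNACCESS 11 ipsec-isakmp
set peer 10.177.8.37
match address 120
ip address 10.217.63.130 255.255.255.224
access-list 120 permit ip 10.217.63.160 0.0.0.31 10.177.29.0 0.0.0.255
"""
ASA = """\
access-list SOME-SITE extended permit ip 10.177.29.0 255.255.255.0 10.217.63.160 255.255.255.224
crypto map N3VPNACCESS 24 match address SOME-SITE
crypto map N3VPNACCESS 24 set peer 10.217.63.130
tunnel-group 10.191.63.4 type ipsec-l2l
"""
IP = r"(\d+\.\d+\.\d+\.\d+)"

def net(addr, mask):
    # ipaddress accepts a netmask (ASA style) or a wildcard mask (IOS style).
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def crypto_acl(cfg, name):
    """Return [(src_net, dst_net)] for the 'permit ip' lines of the named ACL."""
    pat = rf"^access-list {re.escape(name)} (?:extended )?permit ip {IP} {IP} {IP} {IP}$"
    return [(net(a, b), net(c, d)) for a, b, c, d in re.findall(pat, cfg, re.M)]

def audit(router, asa):
    findings = []
    r_name = re.search(r"^ *match address (\S+)$", router, re.M).group(1)
    a_name = re.search(r"^crypto map \S+ \d+ match address (\S+)$", asa, re.M).group(1)
    r_acl, a_acl = crypto_acl(router, r_name), crypto_acl(asa, a_name)
    # Interesting-traffic ACLs must be exact mirrors of each other.
    if sorted(r_acl) != sorted((dst, src) for src, dst in a_acl):
        findings.append("crypto ACLs are not mirror images")
    asa_peer = re.search(rf"set peer {IP}$", asa, re.M).group(1)
    # The peer configured on the ASA must be an address the router owns.
    if asa_peer not in re.findall(rf"^ *ip address {IP} ", router, re.M):
        findings.append(f"ASA peer {asa_peer} is not a router interface address")
    # With pre-shared keys, the ASA L2L tunnel-group is named after the peer IP.
    groups = sorted(set(re.findall(rf"^tunnel-group {IP} type ipsec-l2l$", asa, re.M)))
    if asa_peer not in groups:
        findings.append(f"no tunnel-group named {asa_peer} (found: {groups})")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(ROUTER, ASA)) or "no mismatches found")
```

Because the posted configs are fragments, a finding only marks a line to compare against the full running configuration on each device.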