Only 1 way traffic on a 2 way VPN

rschling22
Level 1

Hello, I am having trouble getting a LAN-to-LAN VPN to allow two-way traffic. I am able to bring up the VPN and send/receive from my end; the remote end can sometimes bring up the VPN, but can't seem to reach my inside network no matter what.

Any ideas where I may have misconfigured this?

I am using an ASA 5510.

Remote site = sidewinder

10 Replies

acomiskey
Level 10

Check ASA config for

version 7.0, 7.1

isakmp nat-traversal

version 7.2

crypto isakmp nat-traversal

I am running version 7.2. Here is the output of the sh crypto command; the line you asked about is there.

ciscoasa# sh run crypto isakmp

crypto isakmp enable outside

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

crypto isakmp policy 30

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

crypto isakmp nat-traversal 20

Anything else? How do I tell if the problem is my end or theirs?

Oh, LAN-to-LAN tunnel, sorry.

Can you post the ASA config minus passwords etc. Also is the topology just like this, no other firewalls etc.?

your inside -- ASA -- Internet -- Sidewinder -- their inside

Yes, that is the basic topology

My Inside -- ASA -- Internet -- Sidewinder -- Their Inside

Here is a slimmed-down output of my sh run. I tried to delete IPs and most of the stuff that doesn't pertain to this; if I removed too much, please let me know and I'll try to get it right.

Thanks

Rob

vpn-tunnel-protocol l2tp-ipsec

group-policy DefaultRAGroup_1 internal

group-policy DefaultRAGroup_1 attributes

dns-server value A.A.A.199

vpn-tunnel-protocol l2tp-ipsec

!

Deleted

!

crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac

crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5

crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA

crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-SHA

crypto dynamic-map outside_dyn_map 80 set transform-set ESP-3DES-SHA

crypto dynamic-map outside_dyn_map 100 set transform-set ESP-3DES-SHA

crypto dynamic-map outside_dyn_map 120 set transform-set ESP-3DES-SHA

crypto dynamic-map outside_dyn_map 140 set transform-set TRANS_ESP_3DES_SHA

crypto dynamic-map outside_dyn_map 160 set transform-set ESP-3DES-SHA

crypto map outside_map 1 match address outside_cryptomap_8

crypto map outside_map 1 set peer REMOTE VPN PROBLEM IP C.C.C.193

crypto map outside_map 1 set transform-set ESP-3DES-MD5

crypto map outside_map 1 set phase1-mode aggressive

!

Deleted

!

crypto map outside_map interface outside

crypto isakmp enable outside

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

crypto isakmp policy 30

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

!

Deleted

!

isakmp keepalive disable

tunnel-group REMOTE VPN PROBLEM IP C.C.C.193 type ipsec-l2l

tunnel-group REMOTE VPN PROBLEM IP C.C.C.193 ipsec-attributes

pre-shared-key *

isakmp keepalive disable

!

Deleted

!
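The config posted above has three pieces that have to agree with each other: the crypto map entry (its ACL, peer and transform set), the tunnel-group named after that same peer, and the crypto ACL itself, which also has to be the exact mirror of what the Sidewinder protects. The checker below is an added example, not part of the thread and not a Cisco tool. It parses "show run"-style lines into those pieces and reports the mismatches that typically produce one-way traffic or the 713042 "IKE Initiator unable to find policy" message. The sample config is constructed (RFC 5737 addresses; the contents of access-list outside_cryptomap_8 and the remote side's selectors are assumptions, since the ACL was cut from the post). It also flags the phase1-mode aggressive setting present in the posted map, because IKEv1 aggressive mode with a pre-shared key sends a hash derived from the key in the clear, which can be cracked offline.

```python
"""Static sanity checks for a crypto-map based ASA LAN-to-LAN IPsec tunnel.

Added example, not from the thread. It parses the 'show run' lines that
matter for an L2L tunnel and reports the mismatches that typically yield
one-way traffic or the 713042 'IKE Initiator unable to find policy' message.
SAMPLE_LOCAL mirrors the shape of the config posted in the thread but is
constructed: RFC 5737 addresses, and the crypto ACL is an assumption.
"""
import re
from collections import defaultdict

SAMPLE_LOCAL = """\
access-list outside_cryptomap_8 extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map outside_map 1 match address outside_cryptomap_8
crypto map outside_map 1 set peer 203.0.113.193
crypto map outside_map 1 set transform-set ESP-3DES-MD5
crypto map outside_map 1 set phase1-mode aggressive
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp nat-traversal 20
tunnel-group 203.0.113.193 type ipsec-l2l
"""

# Constructed: the selectors the remote (Sidewinder) side protects, as
# (src, src_mask, dst, dst_mask) from its point of view. It must be the exact
# mirror of the ASA crypto ACL; here the remote side is deliberately narrower.
SAMPLE_REMOTE_SELECTORS = [("10.2.0.0", "255.255.0.0", "10.1.0.0", "255.255.255.0")]

ACL_RE = re.compile(r"access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)$")
MAP_RE = re.compile(r"crypto map (\S+) (\d+) (match address|set peer|set transform-set|set phase1-mode) (.+)")


def parse(config):
    """Collect the pieces a crypto-map entry needs. 'host' and object ACLs are not handled."""
    acls, maps = defaultdict(list), defaultdict(dict)
    state = {"tsets": set(), "tgroups": set(), "isakmp_if": set(), "map_if": {}, "nat_t": False}
    for line in (l.strip() for l in config.splitlines()):
        if m := ACL_RE.match(line):
            acls[m[1]].append(m.groups()[1:])          # (src, smask, dst, dmask)
        elif m := MAP_RE.match(line):
            maps[(m[1], int(m[2]))][m[3]] = m[4].split()
        elif m := re.match(r"crypto ipsec transform-set (\S+) esp-", line):
            state["tsets"].add(m[1])
        elif m := re.match(r"crypto map (\S+) interface (\S+)", line):
            state["map_if"][m[1]] = m[2]
        elif m := re.match(r"crypto isakmp enable (\S+)", line):
            state["isakmp_if"].add(m[1])
        elif line.startswith("crypto isakmp nat-traversal"):
            state["nat_t"] = True
        elif m := re.match(r"tunnel-group (\S+) type ipsec-l2l", line):
            state["tgroups"].add(m[1])
    return acls, maps, state


def check(config):
    """Return a list of findings; an empty list means the static checks pass."""
    acls, maps, st = parse(config)
    out = []
    for (name, seq), e in sorted(maps.items()):
        where = f"crypto map {name} {seq}"
        iface = st["map_if"].get(name)
        if iface is None:
            out.append(f"{where}: map not applied to any interface")
        elif iface not in st["isakmp_if"]:
            out.append(f"{where}: ISAKMP not enabled on interface {iface}")
        acl = e.get("match address", [None])[0]
        if acl is None or acl not in acls:
            out.append(f"{where}: no usable crypto ACL ({acl}); nothing triggers IKE")
        peer = e.get("set peer", [None])[0]
        if peer is None:
            out.append(f"{where}: no peer set")
        elif peer not in st["tgroups"]:
            out.append(f"{where}: no 'tunnel-group {peer} type ipsec-l2l'; policy lookup for this peer fails")
        for ts in e.get("set transform-set", []):
            if ts not in st["tsets"]:
                out.append(f"{where}: transform-set {ts} is not defined")
        if e.get("set phase1-mode") == ["aggressive"]:
            out.append(f"{where}: aggressive mode with a pre-shared key exposes a crackable hash of the PSK; use main mode")
    if not st["nat_t"]:
        out.append("crypto isakmp nat-traversal not enabled; ESP is dropped if either peer is behind NAT")
    return out


def mirror_mismatches(local_entries, remote_selectors):
    """Local crypto ACL entries the remote side does not mirror exactly.

    A mismatch here is the classic one-way symptom: the ASA, as responder, accepts
    the remote side's narrower proposal, so the tunnel comes up from their end,
    but the ASA's own wider proposal is rejected when it initiates.
    """
    mirrored = {(d, dm, s, sm) for (s, sm, d, dm) in remote_selectors}
    return [tuple(e) for e in local_entries if tuple(e) not in mirrored]


if __name__ == "__main__":
    for f in check(SAMPLE_LOCAL):
        print("finding:", f)
    acls, _, _ = parse(SAMPLE_LOCAL)
    for e in mirror_mismatches(acls["outside_cryptomap_8"], SAMPLE_REMOTE_SELECTORS):
        print("not mirrored by remote:", " ".join(e))
```

Run as a script it prints the findings for the sample config (only the aggressive-mode warning, plus the ACL entry the constructed remote side fails to mirror). The mirror check is the one worth running against the far end's real selectors before concluding the fault is local, because a narrower far-end policy gives exactly the pattern in this thread: the remote side can bring the tunnel up, but traffic only flows one way.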

Can you log on the ASA as they try to bring up the tunnel?

debug crypto isakmp

debug crypto ipsec

Hey, good idea. Why do I always forget that command?

OK, tried it; it shows nothing. Had it tear down and reset the tunnel twice. No debug entries.

Bummer.

debug crypto isakmp 7

debug crypto ipsec 7

rschling22
Level 1

Here's another tidbit. I have been getting this error message whenever the remote side tries to set up a connection:

3 Jun 07 2007 13:21:39 713042 IKE Initiator unable to find policy: Intf outside, Src: MY-INSIDE-IP, Dst: THEIR-INSIDE-IP

Hope this helps someone

Can you post your access-list outside_cryptomap_8?

rschling22
Level 1

Arg, er... good news!

The remote site finally got it fixed. Seems it WAS on their end.

Thanks for all your help.

Rob