I have this scenario with a PIX 525 6.3, this has worked for months and suddenly stopped.
I have a device on the inside network that needs to access a remote site network through a VPN tunnel.
Inside network device is 10.11.150.1, needs to access remote device 10.79.15.3.
The remote side is supposed to see my device as a 10.91.6.1 address, I am supposed to see his 10.79.15.3 as my destination.
Debugs show the tunnel never attempts to come up, but I see hits on all of the access-lists associated with this config.
My question is, if something happened to the peer (according to them nothing has changed) config, or it is not accessable from my end, would the access-lists show hits and the traffic just get dropped?
crypto map p 30 ipsec-isakmp
crypto map p 30 match address Translate
crypto map p 30 set peer 220.127.116.11
crypto map p 30 set transform-set 3dessha
static (inside,outside) 10.91.6.1 access-list translation 0 0
access-list Translation permit ip host 10.11.150.1 10.79.8.0 255.255.248.0
access-list Translate permit ip 10.91.6.0 255.255.255.240 10.79.8.0 255.255.248.0