I have a bit of a perplexing issue setting up a site-to-site VPN. The tunnel comes up fine from the other end, but won't initiate from traffic on this end. I have an ASA 5510 7.0(4) and the other side is a Cisco Router IOS 12.2(18) on what appears to be a 6509. The hosts on both sides are using public addressing. If I run a trace from this end, it just passes by the ASA and heads out to the internet like there is no tunnel at all. If the other side pings, the tunnel will come up fine and then the ASA sends the traffic through the tunnel.
Any help would be appreciated.
Thanks for the update! If this is static to static, then the tunnel should come up fine when initiated by either side.
Now, you mentioned that when you removed the port restriction on the IPSEC ACLs everything worked fine. So, the obvious question is, what is configured on the remote side? Is it configured for ALL ports or specific ports? If it is all ports, then you need to configure your side to match the same. If not, I have seen behavior like this where IPSEC SAs are created only when initiated from a remote side where you have a "PERMIT IP" and the responder side is configured with specific ports.
Can you let us know what IPSEC ACLs are configured on the router?
** Please rate if it helps **
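
The mismatch described in the reply above (one peer's IPSEC ACL permitting all IP while the other is restricted to specific ports) can be checked offline by testing whether each peer's crypto ACL entries are exact mirrors of the other's. This is an added example, not code or configuration from the thread; the ACL names, addresses and port are constructed samples, and the parser assumes plain `permit` entries with `any`, `host A` or `A MASK` addresses and optional `eq PORT`.

```python
import ipaddress

def _addr(tok, wildcard):
    """Consume one address spec (any | host A | A MASK) from the token list."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    mask = ipaddress.ip_address(tok.pop(0))
    if wildcard:  # IOS ACLs use wildcard masks; invert to get a netmask
        mask = ipaddress.ip_address(int(mask) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{first}/{mask}")

def _port(tok):
    """Consume an optional 'eq PORT'; None means no port restriction."""
    if tok[:1] == ["eq"]:
        tok.pop(0)
        return tok.pop(0)
    return None

def parse_ace(line, wildcard):
    """Normalize one permit entry to (proto, src, sport, dst, dport)."""
    tok = line.split()
    tok = tok[tok.index("permit") + 1:]
    proto = tok.pop(0)
    src, sport = _addr(tok, wildcard), _port(tok)
    dst, dport = _addr(tok, wildcard), _port(tok)
    return (proto, src, sport, dst, dport)

def mirror(ace):
    """Swap source and destination, as the remote peer should express it."""
    proto, src, sport, dst, dport = ace
    return (proto, dst, dport, src, sport)

def unmatched(asa_lines, ios_lines):
    """Entries on each peer that have no exact mirror on the other peer."""
    asa = {parse_ace(l, wildcard=False) for l in asa_lines}
    ios = {parse_ace(l, wildcard=True) for l in ios_lines}
    return asa - {mirror(a) for a in ios}, ios - {mirror(a) for a in asa}

# Constructed sample entries (documentation addresses, hypothetical ACL names).
ASA_RESTRICTED = ["access-list VPN_ACL extended permit tcp host 192.0.2.10 host 198.51.100.20 eq 443"]
ASA_MATCHED = ["access-list VPN_ACL extended permit ip host 192.0.2.10 host 198.51.100.20"]
IOS_PEER = ["access-list 110 permit ip host 198.51.100.20 host 192.0.2.10"]

if __name__ == "__main__":
    for name, acl in (("restricted", ASA_RESTRICTED), ("matched", ASA_MATCHED)):
        print(name, unmatched(acl, IOS_PEER))
```

Any entry returned for either peer is one whose protocol, networks or ports are not mirrored on the other side, which is the condition the reply asks the poster to rule out.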