Hi, running a PIX515E hub (6.3(1)) with ASA 5505 spokes (7.2(3)). I'm attaching the configs. I've been using http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_configuration_example09186a0080093bd3.shtml
to configure the hub for the second spoke (the first spoke is up and working). I thought I could just replicate what i'm doing on spoke 1 and add the Lan address to the existing NoNat ACL and add a new one for the new cryptomap, but when i try to initiate it from the hub side I get "IPSEC(sa_initiate): ACL = deny; no sa created" yet when i do a Sho ACL for 102 and NoNAT they have hits (yes they increment when i attempt to connect).