Hi, I m making a tunnel site to site Vpn with ISP so can u guys please check the attached configuration. Tell me if i m missing anything in cnfiguration. Thanks
disable pfs. your isp is clearly not using it.
and make sure your crypto acl matches theirs. at first glance, it doesn't. one of their acl entries is using object groups - make sure you've realized that.
ok just remove crypto map outside_map interface outside and enable it again.
Can u remove pfs on both sites and then try (remove crypto map and enable it again) ..becoz this error normally shows the mismatch pfs issue.