I have a functional ipsec tunnel between a PIX 515 and an ASA 5510 with version 7.0(7). I'm trying to replace that PIX 515 with an ASA 5510 with version 7.0(8). The configuration seems consistent to me, with the exception of the security-association lines which I don't see on the 7.0(7) ASA. I've compared other parts of the configuration on these three devices and I just don't understand why the ASA 7.0(8) isn't working where the PIX 515 is. At many steps along the way I have turned the crypto map to the interface off and on again. Here are what I figure are the relevant parts of the configurations on the three devices. Thanks in advance for your help.