Im still having problems.

here is the debug output requested.

I noticed this line in the debug

crypto_isakmp_process_block:src:81.129.167.199, dest:Local IP of PIX spt:50996 dpt:500

The IP seems to below to BT, is this normal ?

Thanks

Alex

check the following:-

1) You have the same IKE config at both sites.

2) You have configure the correct IP address for the remote peer on both sites.

The capture log indicates you are not neogtiating IKE correctly, either due to hash/encryption mis-match or incorrect peer IP address or both.

HTH>

Hi, I have checked the above with no luck. could a nat/router problem cause that output ?

also what does this line mean ?

crypto_isakmp_process_block:src:81.129.167.199, dest: a.a.a.a spt:50996 dpt:500

Many Thanks

Alex

it is possible if you are not directly connecting to the internet, and there is a NAT device in between.

It says that it is blocking an ISKMP packet from 81.129.167.199 to a.a.a.a

Thanks, I think the actual config's are ok so im going to try swapping the router.

hi, changed the router over and now receive this error

ISAKMP (0): speaking to another IOS box!

ISAKMP (0:0): Detected NAT-D payload

ISAKMP (0:0): NAT does not match MINE

ISAKMP (0:0): Detected NAT-D payload

ISAKMP (0:0): NAT does not match HIS hash

Alex

Thanks for all your help.

The issue was that the remote boarder router although in its config said it was not doing any NAT it actually was. As soon as the router was swapped out the tunnel came back up.

Alex

np - glad to help.