Hello, hopefully someone can help me out with this. I'm CCNA level, but not very familiar with Site-to-Site VPN setup. I have an ASA5510 for a remote site and am trying to connect to a 5520 at the main site. I am not seeing the tunnel come up at all. Here is the main site config that is relevant to VPN:
description Trusted Internal Interface
ip address x.x.x.x 255.255.0.0
description Time Warner External Interface
ip address y.y.y.y 255.255.255.248
access-list MATCH extended permit ip x.x.x.x 255.255.0.0 [remote network] 255.255.255.252
nat (inside) 0 access-list MATCH
crypto ipsec transform-set asa2transform esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map IPSECMAP 100 match address MATCH
crypto map IPSECMAP 100 set peer [remote outside interface]
crypto map IPSECMAP 100 set transform-set asa2transform
crypto map IPSECMAP interface TimeWarner
crypto isakmp identity address
crypto isakmp enable TimeWarner
crypto isakmp policy 100
tunnel-group [tunnel name] type ipsec-l2l
tunnel-group [tunnel name] ipsec-attributes
no tunnel-group-map enable ou
I have a few outside connections running into a switch and a trunk running into the ASA. I also have interface tracking for interface failover and the unit is a part of an active/standby cluster.
The config on the 5510 is the same except for the peer being the outside interface of the 5520 and the access-list being reversed.
Any help for a VPN newb would be much appreciated.
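
An offline check of the condition described in the post (same settings on both ASAs, access-list reversed, each peer set to the other's outside interface), as an added example that is not part of the original post. The addresses are constructed documentation values and the function names are hypothetical; phase 1 settings are not checked because the posted config does not show them.

```python
# Constructed sample configs: documentation addresses, not values from the post.
MAIN = """\
access-list MATCH extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.255.252
crypto ipsec transform-set asa2transform esp-3des esp-md5-hmac
crypto map IPSECMAP 100 match address MATCH
crypto map IPSECMAP 100 set peer 198.51.100.2
crypto map IPSECMAP 100 set transform-set asa2transform
crypto map IPSECMAP interface TimeWarner
"""
REMOTE = """\
access-list MATCH extended permit ip 10.2.0.0 255.255.255.252 10.1.0.0 255.255.0.0
crypto ipsec transform-set asa2transform esp-3des esp-md5-hmac
crypto map IPSECMAP 100 match address MATCH
crypto map IPSECMAP 100 set peer 192.0.2.1
crypto map IPSECMAP 100 set transform-set asa2transform
"""

def parse(cfg):
    """Collect crypto ACL entries, transform sets and crypto map entries."""
    acls, tsets, entries = {}, {}, {}
    for w in (line.split() for line in cfg.splitlines()):
        # Only the "permit ip net mask net mask" ACL form is handled here.
        if len(w) == 9 and w[0] == "access-list" and w[2:5] == ["extended", "permit", "ip"]:
            acls.setdefault(w[1], []).append((tuple(w[5:7]), tuple(w[7:9])))
        elif len(w) > 4 and w[:3] == ["crypto", "ipsec", "transform-set"]:
            tsets[w[3]] = frozenset(w[4:])
        elif len(w) == 7 and w[:2] == ["crypto", "map"]:
            entries.setdefault((w[2], w[3]), {})[" ".join(w[4:6])] = w[6]
    return acls, tsets, entries

def entry_for(cfg, peer_ip):
    """Return (ACL entries, transform algorithms) of the map entry for peer_ip."""
    acls, tsets, entries = parse(cfg)
    for e in entries.values():
        if e.get("set peer") == peer_ip:
            return acls.get(e.get("match address"), []), tsets.get(e.get("set transform-set"))
    return None

def check(main, remote, main_outside, remote_outside):
    """List the mismatches between the two ends' phase 2 settings."""
    m, r = entry_for(main, remote_outside), entry_for(remote, main_outside)
    if m is None or r is None:
        return ["a site has no crypto map entry pointing at the other peer"]
    problems = []
    if not m[0] or sorted(m[0]) != sorted((dst, src) for src, dst in r[0]):
        problems.append("crypto ACLs are not mirror images")
    if m[1] is None or m[1] != r[1]:
        problems.append("transform sets differ")
    return problems

if __name__ == "__main__":
    print(check(MAIN, REMOTE, "192.0.2.1", "198.51.100.2") or "phase 2 settings line up")
```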