Site to Site VPN on ASA 5505

drikilbride
Level 1

Hi

I am trying to set up a Site to Site VPN tunnel between Site A and Site B.

I ran through the VPN wizard on both sides but the tunnel isn't active.

Site B already has one VPN to an IP of 62.77.xx.xx and I need to change this to a new IP.

I will attach both configs, hopefully somebody will spot what I have done wrong.

Thanks

Accepted Solution

You can include the command (or from ADSM):

management-access inside

This will allow you to test the VPN tunnel initiating traffic from one side's inside IP to the other site's inside IP. (In other words, you don't need access to any device on the inside network, just try to initiate the tunnel from the ASA itself).

For example from Site A:

management-access inside

ping inside x.x.x.x    -->    x.x.x.x is Site B's inside IP

Site B:

management-access inside

ping inside y.y.y.y  -->   y.y.y.y is Site A's inside IP

Check the TX and RX packets on both sites after this.

Federico.


16 Replies

Hi,

You're sending the VPN traffic through two different VPN tunnels (configured on the second config).

The ACL applied to the crypto map defines the same traffic for both tunnels, but the first configuration only has one IP, so this is wrong.

Also, please attach the output from the commands:

debug cry isa 155

debug cry ipsec 155

From the ASA, when trying to establish the tunnel, and this will let us know exactly where it is failing.

Federico.

I only have access to the ASDM console for both sites at the moment and I'm not able to run those debug commands.

When you say in the second config (which I assume is SiteB) that I am sending traffic through two different VPN tunnels what do you mean exactly? (Sorry for the silly question).

That ASA should only have one VPN tunnel going to 193.xx.xx.130.

In the morning I will be going to that site and changing its actual internet connection to a new ISP and re-creating the tunnel to 193.xx.xx.130.

On Site A's VPN stats I can see its RX Bytes value increasing but its TX Bytes value is 0.

On Site B's VPN stats I can see its RX Bytes is 0 and its TX Value is increasing.

Would that mean the fault lies with Site A as it isn't transmitting to Site A?

Thanks again for all your help.

Site A has a tunnel pointing to this IP:  194.125.91.30
Is sending traffic from 10.255.0.0/16 to 192.168.19.0/24 through the tunnel.

Site B has two tunnels:
One pointing to IP 62.77.180.162
The other to IP 77.75.100.194
Both tunnels send traffic from 192.168.19.0/24 to 10.255.0.0/16 through the tunnel.

Which one is the correct tunnel on Site B?
In other words, which IP is the correct one to reach Site A 62.77.180.162 or 77.75.100.194?

What you say is correct in that there's a problem at Site A, which is not transmitting packets.

Federico.

Okay I see what you mean now!

The tunnel to 62.77.180.162 is the old tunnel which I have now actually removed.

The tunnel to 77.75.100.194 was actually a typo from earlier and should read 193.120.xx.xx.

I altered the config slightly after I posted the question, sorry about that.

So at the moment Site A (193.120.XX.XX) has a tunnel to Site B (194.125.XX.XX) and vice versa.

Site A has the TX Bytes = 0 and Site B has the RX Bytes = 0

Sorry about all the confusion, I hope that makes sense!

Thanks again!


No change, the TX on Site A remained at 0 but the RX increased.

On Site B the TX increased but the RX stayed at zero.

Neither ping was successful though.

If Site A's TX is 0, then the problem is at Site A.

Site A should bypass NAT and then encrypt the traffic when going to Site B.

The default gateway that you have on Site A has a metric of 255. (This is unreachable, why do you have such metric)?  Do you have Internet access fine from Site A?

Change the command:

no route outside 0.0.0.0 0.0.0.0 xxxxxxxxx 255

to

route outside 0.0.0.0 0.0.0.0 xxxxxxxxx 1

Let's see...

Federico.
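Two of Federico's points in this thread can be checked mechanically before touching a live box: that the same interesting traffic must not be claimed by two crypto map entries on Site B (only the lowest sequence number wins), and that Site A has to exempt the tunnel traffic from NAT before the crypto check, otherwise the encrypt counter (TX) stays at 0. The script below is an added example, not code from this thread, from Cisco, or from the attached configs (which are not reproduced here). It parses constructed ASA 8.2-style excerpts (`nat (inside) 0 access-list` syntax, `access-list ... extended permit ip net mask net mask` entries); the peer addresses are from the documentation ranges and the networks are the ones named in the thread.

```python
import ipaddress
import re

# Constructed config excerpts (not the thread's attached configs).
# Site A: one tunnel, crypto ACL mirrored by a nat 0 exemption.
SITE_A_CFG = """
access-list outside_1_cryptomap extended permit ip 10.255.0.0 255.255.0.0 192.168.19.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.255.0.0 255.255.0.0 192.168.19.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 203.0.113.30
"""
# Site B: two crypto map entries claiming the same flow, and no NAT exemption.
SITE_B_CFG = """
access-list outside_1_cryptomap extended permit ip 192.168.19.0 255.255.255.0 10.255.0.0 255.255.0.0
access-list outside_2_cryptomap extended permit ip 192.168.19.0 255.255.255.0 10.255.0.0 255.255.0.0
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 198.51.100.162
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set peer 192.0.2.194
"""

ACL_RE = re.compile(r"^access-list (\S+) extended permit ip "
                    r"(\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) "
                    r"(\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)$")
MAP_RE = re.compile(r"^crypto map (\S+) (\d+) (match address|set peer) (\S+)$")
NAT0_RE = re.compile(r"^nat \(\S+\) 0 access-list (\S+)$")


def parse_acls(cfg):
    """ACL name -> list of (src_network, dst_network)."""
    acls = {}
    for line in cfg.splitlines():
        m = ACL_RE.match(line.strip())
        if m:
            name, s, sm, d, dm = m.groups()
            acls.setdefault(name, []).append(
                (ipaddress.ip_network(f"{s}/{sm}"), ipaddress.ip_network(f"{d}/{dm}")))
    return acls


def tunnel_flows(cfg):
    """[(sequence, peer, [(src, dst), ...])] in crypto map sequence order."""
    acls = parse_acls(cfg)
    entries = {}
    for line in cfg.splitlines():
        m = MAP_RE.match(line.strip())
        if m:
            name, seq, kind, value = m.groups()
            e = entries.setdefault((name, int(seq)), {"peer": None, "acl": None})
            e["acl" if kind == "match address" else "peer"] = value
    return [(seq, e["peer"], acls.get(e["acl"], []))
            for (_, seq), e in sorted(entries.items())]


def overlapping_entries(cfg):
    """Flows claimed by more than one crypto map entry: (flow, winning seq, shadowed seq)."""
    seen, problems = {}, []
    for seq, _, flows in tunnel_flows(cfg):
        for src, dst in flows:
            key = (str(src), str(dst))
            if key in seen:
                problems.append((key, seen[key], seq))
            else:
                seen[key] = seq
    return problems


def mirror_mismatch(local_cfg, remote_cfg):
    """Local crypto ACL flows that the remote side does not define in reverse."""
    remote = {(str(d), str(s)) for _, _, fl in tunnel_flows(remote_cfg) for s, d in fl}
    return [(str(s), str(d)) for _, _, fl in tunnel_flows(local_cfg)
            for s, d in fl if (str(s), str(d)) not in remote]


def nat_exempt_gaps(cfg):
    """Crypto ACL flows no nat 0 ACL covers: the ASA translates them before the
    crypto check, so they never match the tunnel and TX stays at 0."""
    acls = parse_acls(cfg)
    exempt = [f for line in cfg.splitlines() for m in [NAT0_RE.match(line.strip())]
              if m for f in acls.get(m.group(1), [])]
    gaps = []
    for _, _, flows in tunnel_flows(cfg):
        for src, dst in flows:
            covered = any(src.subnet_of(es) and dst.subnet_of(ed) for es, ed in exempt)
            if not covered and (str(src), str(dst)) not in gaps:
                gaps.append((str(src), str(dst)))
    return gaps


if __name__ == "__main__":
    print("Site B overlapping crypto map entries:", overlapping_entries(SITE_B_CFG))
    print("Site A flows not mirrored on Site B:", mirror_mismatch(SITE_A_CFG, SITE_B_CFG))
    print("Site A NAT exemption gaps:", nat_exempt_gaps(SITE_A_CFG))
    print("Site B NAT exemption gaps:", nat_exempt_gaps(SITE_B_CFG))
```

Run against real configs, the overlap check is the one that matches Federico's first observation (the second Site B entry can never be used), and the NAT gap check is the first thing to look at when one side's encrypt counter never moves.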

We have internet access on Site A's firewall. We also have another remote site (Site C) coming through Site A and it's fine. Its TX value is increasing all the time.

I haven't changed the route command just in case it affects Site C, which is up and running.

I bet it's something simple I'm missing here!

Please post your current configs exactly as they are now.

Federico.

Here you go, Site A and Site B.

Thanks!

Sorry to insist, but are you positive that the second tunnel on Site A is not established (the one you say to ignore in the configuration)?

It is because if this tunnel is established, all traffic intended for Site B will be sent incorrectly to this other tunnel we should ignore.

Federico.

You're fine!

That second tunnel 77.75.xx.xx doesn't even exist yet. It is going to be the new ISP on Site B eventually, but at the moment it's not even hooked up to our system or even to the firewall in Site B.

Just to confirm, I have taken a screenshot of the VPN Sessions.

How do I remove it altogether from Site A, just to ensure it's not causing confusion somehow?

Let's remove it anyway...

no crypto map outside_map 2 match address outside_2_cryptomap
no crypto map outside_map 2 set pfs group1
no crypto map outside_map 2 set peer 77.75.XX

no crypto map outside_map 2 set transform-set ESP-3DES-SHA

Let's see if it makes any difference.

Federico.

No luck Federico

Still the same. TX is not increasing on Site A for the tunnel, but TX is increasing on Site B.

I'm lost at this stage.

Thanks for sticking with this as long as you have, it's much appreciated.
