I'm getting an "ACL does not match proxy IDs" error that I'm not able to troubleshoot. I googled this and got a lot of results and tried some, but nothing applied.
I have set up 2 tunnels:
1/ One from a PIX 515E (office) to an ASA 5505 (hosted server) for my guys to access the hosted server
2/ A second one from the ASA 5505 to my client's firewall so that its equipment can reach the hosted server and the hosted server can reach the equipment.
Both tunnels are working fine; my issue comes when I'm trying to reach my client's equipment from my office, i.e. cascading the tunnels.
The setup was done (part of it) with the help of external professional services, and when we ran a test it seemed to be working... "Seemed" because we did only one test, and as I'm not able to anymore, I wonder if it ever worked at all!
This is the first time I'm trying to cascade tunnels; no issues with other VPNs I have built.
I'm attaching the configuration of the PIX and the ASA and an extract of the syslogs showing the error, hoping someone can point me to an obvious error I haven't seen!
Feel free to ask for any missing information that could be useful, and many thanks in advance for your help!
NAT is done before crypto, for many reasons, flexibility most of all.
I checked the ACL and still see a mismatch. I mean the number of ACLs and their contents MUST match, the only difference being that source and destination must be swapped between the two.
Until you correct this it will always be failing.
Once you do this, you can maybe try checking where it's failing by referring to a reference I posted some time ago?
Can you maybe gather the debugs as described here:
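
This is not the debug reference mentioned above. It is an added example, not part of the original thread, of the mirror-image rule for crypto ACLs stated in the reply: every entry on one peer must have a counterpart on the other with source and destination swapped. The configuration lines, ACL names and subnets are constructed, and object-groups and non-`ip` entries are not handled.

```python
import ipaddress
import re

# Constructed sample crypto ACLs (names and subnets are assumptions,
# not the poster's configuration).
PIX_CFG = """\
access-list office_vpn permit ip 192.168.10.0 255.255.255.0 10.20.0.0 255.255.255.0
access-list office_vpn permit ip 192.168.10.0 255.255.255.0 172.16.50.0 255.255.255.0
"""
ASA_CFG = """\
access-list hosted_vpn extended permit ip 10.20.0.0 255.255.255.0 192.168.10.0 255.255.255.0
"""

# Matches PIX 6.x style (no "extended") and ASA style permit-ip entries.
ACE = re.compile(r"^access-list\s+(\S+)\s+(?:extended\s+)?permit\s+ip\s+(.+)$")

def take_network(tokens):
    """Consume one address spec from the token list: 'any', 'host A' or 'NET MASK'."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")

def crypto_aces(config, acl_name):
    """Return the set of (source, destination) networks permitted by acl_name."""
    pairs = set()
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if m and m.group(1) == acl_name:
            tokens = m.group(2).split()
            src = take_network(tokens)
            dst = take_network(tokens)
            pairs.add((src, dst))
    return pairs

def mirror_mismatches(local, remote):
    """Return (entries only on local, entries only on remote), each in its own orientation."""
    swapped_remote = {(dst, src) for src, dst in remote}
    swapped_local = {(dst, src) for src, dst in local}
    return local - swapped_remote, remote - swapped_local

if __name__ == "__main__":
    only_pix, only_asa = mirror_mismatches(crypto_aces(PIX_CFG, "office_vpn"),
                                           crypto_aces(ASA_CFG, "hosted_vpn"))
    for src, dst in sorted(only_pix):
        print(f"PIX entry with no mirror on ASA: {src} -> {dst}")
    for src, dst in sorted(only_asa):
        print(f"ASA entry with no mirror on PIX: {src} -> {dst}")
```

In the constructed sample, the office-to-client entry exists only on the PIX, which is the kind of one-sided entry that makes the peer reject the proposed proxy IDs.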