ASA not encapsulating traffic for IPSEC tunnel

Freddie Eisa
Level 1

Hello,

I have an IPSEC tunnel to a vendor who I can reach, and I see encaps/decaps. When he tries to ping my IP 192.168.26.10, I decap but can't encap. Can anyone assist?

Cleaned-up config below. Please let me know if anyone wants to see more.

!
interface GigabitEthernet0/0
 nameif Outside
 security-level 0
 ip address 209.120.152.138 255.255.255.248
!
interface GigabitEthernet0/1
 nameif Inside
 security-level 90
 ip address 172.31.2.89 255.255.255.252
!
boot system disk0:/asa841-k8.bin
ftp mode passive
access-list Outside_cryptomap extended permit ip host 10.121.4.2 host 212.247.19.43
access-list Outside_cryptomap extended permit ip host 192.168.25.10 host 212.247.19.43
access-list Outside_cryptomap extended permit ip host 192.168.26.10 host 212.247.19.43
access-list Outside_cryptomap extended permit ip host 209.120.152.138 host 212.247.19.46
nat (Inside,Outside) source dynamic my-inside-net interface
nat (InternetAccess,Outside) source dynamic InternetAccess interface
nat (InternetAccess,Outside) source dynamic Wireless interface
nat (VPN_IN,Outside) source static VPN OBJ-OUTSIDE-NETWORKS
!
route Outside 0.0.0.0 0.0.0.0 209.120.152.137 1
route InternetAccess 192.168.1.0 255.255.255.0 192.168.51.2 1
route InternetAccess 192.168.9.0 255.255.255.0 192.168.51.2 1
route InternetAccess 192.168.10.0 255.255.255.0 192.168.51.2 1
!
crypto ipsec ikev1 transform-set officevpn esp-aes-256 esp-sha-hmac
crypto map vendor 1 match address Outside_cryptomap
crypto map vendor 1 set peer 212.247.19.42
crypto map vendor 1 set ikev1 transform-set officevpn
crypto map vendor interface Outside
crypto ikev1 enable Outside
crypto ikev1 policy 1
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
ssl encryption aes256-sha1 aes128-sha1 3des-sha1 des-sha1
webvpn
tunnel-group vendor type ipsec-l2l
tunnel-group 212.247.19.42 type ipsec-l2l
tunnel-group 212.247.19.42 ipsec-attributes
 ikev1 pre-shared-key *****
!

 

Show commands

interface: Outside
    Crypto map tag: tbricks, seq num: 1, local addr: 209.120.152.138

      access-list Outside_cryptomap extended permit ip host 192.168.26.10 host 212.247.19.43
      local ident (addr/mask/prot/port): (192.168.26.10/255.255.255.255/0/0)
      remote ident (addr/mask/prot/port): (212.247.19.43/255.255.255.255/0/0)
      current_peer: 212.247.19.42

      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 134664, #pkts decrypt: 134664, #pkts verify: 134664
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
      #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
      #send errors: 0, #recv errors: 0

      local crypto endpt.: 209.120.152.138/0, remote crypto endpt.: 212.247.19.42/0
      path mtu 1500, ipsec overhead 74, media mtu 1500
      current outbound spi: DD73567E
      current inbound spi : F5809969

    inbound esp sas:
      spi: 0xF5809969 (4118845801)
         transform: esp-aes-256 esp-sha-hmac no compression
         in use settings ={L2L, Tunnel, }
         slot: 0, conn_id: 16384, crypto-map: tbricks
         sa timing: remaining key lifetime (kB/sec): (3914506/13686)
         IV size: 16 bytes
         replay detection support: Y
         Anti replay bitmap:
          0xFFFFFFFF 0xFFFFFFFF
    outbound esp sas:
      spi: 0xDD73567E (3715323518)
         transform: esp-aes-256 esp-sha-hmac no compression
         in use settings ={L2L, Tunnel, }
         slot: 0, conn_id: 16384, crypto-map: tbricks
         sa timing: remaining key lifetime (kB/sec): (3915000/13686)
         IV size: 16 bytes
         replay detection support: Y
         Anti replay bitmap:
          0x00000000 0x00000001

    Crypto map tag: tbricks, seq num: 1, local addr: 209.120.152.138

      access-list Outside_cryptomap extended permit ip host 209.120.152.138 host 212.247.19.46
      local ident (addr/mask/prot/port): (209.120.152.138/255.255.255.255/0/0)
      remote ident (addr/mask/prot/port): (212.247.19.46/255.255.255.255/0/0)
      current_peer: 212.247.19.42

      #pkts encaps: 522, #pkts encrypt: 522, #pkts digest: 522
      #pkts decaps: 585, #pkts decrypt: 585, #pkts verify: 585
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 522, #pkts comp failed: 0, #pkts decomp failed: 0
      #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
      #send errors: 0, #recv errors: 0

      local crypto endpt.: 209.120.152.138/0, remote crypto endpt.: 212.247.19.42/0
      path mtu 1500, ipsec overhead 74, media mtu 1500
      current outbound spi: 52B73700
      current inbound spi : 6456A473

    inbound esp sas:
      spi: 0x6456A473 (1683399795)
         transform: esp-aes-256 esp-sha-hmac no compression
         in use settings ={L2L, Tunnel, }
         slot: 0, conn_id: 16384, crypto-map: tbricks
         sa timing: remaining key lifetime (kB/sec): (3914313/28366)
         IV size: 16 bytes
         replay detection support: Y
         Anti replay bitmap:
          0xFFFFFFFF 0xFFFFFFFF
    outbound esp sas:
      spi: 0x52B73700 (1387738880)
         transform: esp-aes-256 esp-sha-hmac no compression
         in use settings ={L2L, Tunnel, }
         slot: 0, conn_id: 16384, crypto-map: tbricks
         sa timing: remaining key lifetime (kB/sec): (3914958/28366)
         IV size: 16 bytes
         replay detection support: Y
         Anti replay bitmap:
          0x00000000 0x00000001

Thank you in advance

2 Replies

Marvin Rhoads
Hall of Fame

Your cryptomap is pointing to his public IP addresses (assuming that's the case as they appear to be in the same subnet as his peering address). We would normally use his private addresses as the decapsulation at his end would bypass his ingress NAT.

I thought something similar to that, but I guess this is how he has it set up with other customers.
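The counters in the first post (decaps climbing on the 192.168.26.10/212.247.19.43 SA while encaps stay at 0) are what an ASA shows when the reply traffic never reaches the crypto map. On ASA 8.3 and later, NAT is applied before the crypto ACL is evaluated, and the posted `nat (Inside,Outside) source dynamic my-inside-net interface` rule would rewrite the source 192.168.26.10 to the Outside interface address 209.120.152.138; a packet 209.120.152.138 -> 212.247.19.43 matches no ACE in Outside_cryptomap, so it leaves in the clear instead of being encapsulated. The following is an added example, not the poster's configuration: it assumes 192.168.26.10 sits behind the Inside interface and is covered by my-inside-net, and the object names OBJ-LOCAL-26-10 and OBJ-VENDOR-19-43 are invented for illustration. It shows the dynamic PAT rule as posted, the identity (NAT-exempt) rule that must be matched before it, and the commands that confirm which rule a packet actually hits.

```cisco
! Before (as posted): one dynamic PAT rule on the Inside/Outside pair.
! Outbound 192.168.26.10 -> 212.247.19.43 is translated to 209.120.152.138
! first, and only then compared against Outside_cryptomap, where no ACE matches.
nat (Inside,Outside) source dynamic my-inside-net interface

! After: identity rule inserted at position 1 of section 1 (manual NAT) so it
! is evaluated before the dynamic PAT line. Object names are invented here.
object network OBJ-LOCAL-26-10
 host 192.168.26.10
object network OBJ-VENDOR-19-43
 host 212.247.19.43
nat (Inside,Outside) 1 source static OBJ-LOCAL-26-10 OBJ-LOCAL-26-10 destination static OBJ-VENDOR-19-43 OBJ-VENDOR-19-43
nat (Inside,Outside) source dynamic my-inside-net interface

! Check 1: section-1 rules are listed in evaluation order; the identity rule
! must appear above the dynamic PAT rule.
show nat

! Check 2: simulate the echo reply the vendor never receives (ICMP type 0,
! code 0). The NAT phase must leave the source as 192.168.26.10 and a
! "VPN" phase with subtype "encrypt" must appear before the final ALLOW.
packet-tracer input Inside icmp 192.168.26.10 0 0 212.247.19.43

! Check 3: clear the SA for this peer and confirm #pkts encaps leaves 0 for
! the 192.168.26.10/212.247.19.43 proxy pair once traffic flows again.
clear crypto ipsec sa peer 212.247.19.42
show crypto ipsec sa peer 212.247.19.42
```

Two caveats. The identity rule as written relies on the 8.4(1) behaviour of identity NAT (no proxy ARP, route lookup for egress); on 8.4(2) and later the defaults changed, so append `no-proxy-arp route-lookup` to the `nat ... source static` line. And the exemption has to mirror whatever the crypto ACL says: if the ACL is kept pointing at the vendor's public 212.247.19.43 (the setup Marvin Rhoads questions), the exemption must use that address too, and the other ACEs for 10.121.4.2 and 192.168.25.10 need the same treatment if those hosts also sit behind the dynamic PAT rule.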
