Hello,

I have configured the tunnel between router-ASA. The tunnel is up but there is no reachability means, Not able to ping remote LAN IP.

1) At Router end, I am able view the encap packet,but No DECAP packets under "sh cry ipsec sa"(other tunnel are working fine except this)

2) At ASA end, I am unable to view local,remote peer IP pool under "sh cry ipsec sa'

3) Other tunnels configured on ASA which is working fine(other tunnel with PIX,ASA). This is the only one tunnel peering with router.

I am suspecting with ASA IOS? as its seems to be old IOS need you suggestions on this

Config details:

--------------

Config details @ A(ROUTER 2811 ,Version 12.4(9)T5)

==================================================

crypto isakmp key xxxxx address 2.2.2.2

crypto map VPN 100 ipsec-isakmp

description IPSec VPN to Baltimore

set peer 2.2.2.2

set transform-set 3des-set

match address 175

access-list 175 permit ip 172.16.21.0 0.0.0.255 10.50.0.0 0.0.255.255

Extended IP access list 110

361 deny ip 172.16.21.0 0.0.0.255 10.50.0.0 0.0.255.255

ip nat inside source list 110 pool NAT-POOL overload

===============================

Config at B (ASA 5510, 7.0(8)

===============================

crypto map VPN 30 match address 123

crypto map VPN 30 set peer <1.1.1.1>

crypto map VPN 30 set transform-set strong

Regards

sateesh

tunnel-group 1.1.1.1 type ipsec-l2l

tunnel-group 1.1.1.1 ipsec-attributes

pre-shared-key xxxxx

access-list 123 extended permit ip 10.50.0.0 255.255.0.0 172.16.21.0 255.255.

access-list nonat extended permit 10.50.0.0 255.255.0.0 172.16.21.0 255.255.255.0

=========================================