Jay,

Thanks for your help! I used the document you suggested to correct a couple configuration errors.

Jeff

just wondering if the tunnel is up and running now.

below are the sample codes for configuring lan-lan vpn on a pix:

access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

access-list 121 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

ip address outside 1.1.1.1 255.255.255.0

ip address inside 192.168.1.1 255.255.255.0

global (outside) 1 interface

nat (inside) 0 access-list 101

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

sysopt connection permit-ipsec

crypto ipsec transform-set myset esp-3des esp-md5-hmac

crypto map myvpn 10 ipsec-isakmp

crypto map myvpn 10 match address 121

crypto map myvpn 10 set peer 1.1.1.2

crypto map myvpn 10 set transform-set myset

crypto map myvpn interface outside

isakmp enable outside

isakmp key cisco123 address 1.1.1.2 netmask 255.255.255.255 no-xauth no-config-mode

isakmp identity address

isakmp nat-traversal 20

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400