I recently setup a VPN IPsec tunnel between two PIX devices. I ran into a problem with the remote PIX device when trying to route anything for a 10.x.x.x across the VPN tunnel. Here is the sample config that I was using.
ip address 213.x.x.1 255.255.255.224
ip address 10.43.1.1 255.255.255.0
access-list inside extended permit icmp any any
access-list inside extended permit ip 10.43.1.0 255.255.255.0 any
access-list Outside_cryptomap_20 extended permit ip 10.43.1.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list NONAT extended permit ip 10.43.1.0 255.255.255.0 10.0.0.0 255.0.0.0
One of the reason could be, that the remote side was configured with 4 ACL Entries for the IPSEC Traffic. Keep in mind, the Crypto ACL have to be mirror images of each other for the tunnel to come up and work properly.
I see couple of things, Default Route on the Pix pointing to the inside interface and the ISAKMP Lifetime not matching but that should not affect your tunnel from working with ACL of 10.0.0.0 255.0.0.0.
Is it possible for you to go back to the ACL with single entry, try to bring up the tunnel and post the outputs of:
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...