The remote site, Side A, receives a single BGP route to 126.96.36.199/32 via the provider.
Side B receives a variety of OSPF routes including a default route and a specific route to 188.8.131.52/32 from the core of the campus network.
2 7206vxr routers running 12.4T
The GRE tunnel works fine before IPSEC is applied so it does not appear to be a routing issue. It could still be a firewall issue at Site B.
From the counters it appears the IPSEC sa only works in one direction with traffic going from A to B but not from B to A and therefore the GRE tunnel stays down.
Should the crypto map apply to the physical interface, the tunnel, both? I see conflicting docs and examples. Also keep in mind that neither side has a route to the other's physical addresses. Only the loopbacks.
Whether the crypto map goes on the physical, the tunnel, or both depends on the version of code that you are running. In older versions of code it went on both. In newer versions of code it goes on only the physical. I see that you are running 12.4T and so the crypto map should be only on the physical interfaces.
The partial configs that you posted look ok and I do not see any particular problem with what is posted. One possible issue is how you get traffic to go over the tunnel. Could you post the parts of the configs that direct traffic over the tunnels? This might help us to find the source of your problem.
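To illustrate the placement described in the reply above, here is a Side A sketch with the crypto map on the physical interface only, added as an example and not taken from either poster's configuration. All addresses, names and the key are constructed placeholders; it assumes the tunnel is sourced from Loopback0 because, as the question states, the peers only have routes to each other's loopbacks.

```cisco
! Constructed example for Side A. Every name, address and key is a placeholder.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 5
! The peer is Side B's loopback, the only Side B address that is routable here
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.2
!
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha-hmac
!
! Protect only GRE between the two loopbacks.
! Side B needs the mirror image of this entry (source and destination swapped).
ip access-list extended GRE-A-TO-B
 permit gre host 192.0.2.1 host 198.51.100.2
!
! Source IKE and ESP from the loopback instead of the egress interface address,
! since the remote side has no route back to the physical address
crypto map GRE-MAP local-address Loopback0
crypto map GRE-MAP 10 ipsec-isakmp
 set peer 198.51.100.2
 set transform-set GRE-TS
 match address GRE-A-TO-B
!
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
! No crypto map on the tunnel interface
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 tunnel source Loopback0
 tunnel destination 198.51.100.2
!
! Crypto map on the physical egress interface only
interface GigabitEthernet0/1
 ip address 203.0.113.1 255.255.255.252
 crypto map GRE-MAP
```

With both sides configured this way, `show crypto ipsec sa` should show the encaps and decaps counters both incrementing on each router; a counter that stays at zero on one side indicates which direction is being dropped or not matched.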