VPN between 5510 and 5505 won't come up - Information Exchange processing failed

churchillma
Level 1

I'm trying to get a tunnel to come up between a 5510 and a 5505. I currently have a VPN tunnel up and running from the 5510 to another remote site. The debug error is listed above. I'm not sure what I'm missing. Configs are below. Thanks.

5510 -

access-list Outside_cryptomap extended permit ip 10.1.1.0 255.255.255.0 object-group Omaha_Internal_Networks

access-list Outside_cryptomap_1 extended permit ip 10.1.1.0 255.255.255.0 IPP_KC_LAN 255.255.255.0

access-list NoNat-inside extended permit ip 10.1.1.0 255.255.255.0 object-group Omaha_Internal_Networks - WORKING

access-list NoNat-inside extended permit ip 10.1.1.0 255.255.255.0 10.1.30.0 255.255.255.0 - WORKING

access-list NoNat-inside extended permit ip 10.1.1.0 255.255.255.0 10.1.200.0 255.255.255.0 - WORKING

access-list NoNat-inside extended permit ip 10.1.1.0 255.255.255.0 IPP_KC_LAN 255.255.255.0 - NOT WORKING

!

crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac

crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto map Outside_map1 1 match address Outside_cryptomap

crypto map Outside_map1 1 set pfs group1

crypto map Outside_map1 1 set peer IPP_Omaha_VPN

crypto map Outside_map1 1 set transform-set ESP-3DES-SHA

crypto map Outside_map1 2 match address Outside_cryptomap_1

crypto map Outside_map1 2 set pfs group1

crypto map Outside_map1 2 set peer IPP_KC_VPN

crypto map Outside_map1 2 set transform-set ESP-3DES-SHA

crypto map Outside_map1 interface Outside

crypto isakmp enable Outside

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 28800

crypto isakmp policy 65535

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

!

group-policy GroupPolicy1 internal

group-policy GroupPolicy1 attributes

vpn-tunnel-protocol IPSec

group-policy IPP-Omaha-Grp-Policy internal

group-policy IPP-KC-Grp-Policy internal

username admin password mP9gWYiqKEsLuHle encrypted

tunnel-group Omaha type ipsec-l2l

tunnel-group Omaha ipsec-attributes

pre-shared-key *****

tunnel-group KC type ipsec-l2l

tunnel-group KC ipsec-attributes

pre-shared-key *****

5505 (KC) -

access-list NoNat-inside extended permit ip IPP_KC 255.255.255.0 IPP_DSM 255.255.255.0

access-list outside_1_cryptomap extended permit ip IPP_KC 255.255.255.0 IPP_DSM 255.255.255.0

!

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto map outside_map 1 match address outside_1_cryptomap

crypto map outside_map 1 set pfs group1

crypto map outside_map 1 set peer IPP-DSM-VPN-Primary

crypto map outside_map 1 set transform-set ESP-3DES-SHA

crypto map outside_map interface outside

crypto isakmp enable outside

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 28800

!

group-policy IPP-DSM-Grp-Policy internal

tunnel-group DSM type ipsec-l2l

tunnel-group DSM ipsec-attributes

pre-shared-key *****

2 Replies

Jouni Forss
VIP Alumni

Hi,

Has the ASA 5505 NAT0 access-list been attached to a "nat" command?

- Jouni

Not sure what happened, maybe data wasn't being presented or something, but it finally came up and is working.  Thanks though.
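
The check raised in the first reply, as an added example that is not part of the original thread: a small Python audit that reads an ASA config and reports crypto map entries whose interesting traffic is not covered by an access-list attached to a NAT exemption command. It assumes the pre-8.3 `nat (<interface>) 0 access-list <name>` syntax; the function name `audit`, the interface name `inside` and the trimmed sample config are assumptions made for the example.

```python
import re

# Constructed sample, trimmed from the 5505 config posted above. No "nat" line
# is present, which is the condition the reply asks about.
ASA_5505 = """\
access-list NoNat-inside extended permit ip IPP_KC 255.255.255.0 IPP_DSM 255.255.255.0
access-list outside_1_cryptomap extended permit ip IPP_KC 255.255.255.0 IPP_DSM 255.255.255.0
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer IPP-DSM-VPN-Primary
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
"""
# Assumed pre-8.3 NAT exemption syntax; the interface name "inside" is an assumption.
NAT0_LINE = "nat (inside) 0 access-list NoNat-inside\n"

def audit(config):
    """Return findings for the site-to-site VPN parts of an ASA config."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    acl = {}        # ACL name -> set of "src mask dst mask" flows
    for l in lines:
        m = re.match(r"access-list (\S+) extended permit ip (.+)", l)
        if m:
            acl.setdefault(m[1], set()).add(m[2])
    tsets = {l.split()[3] for l in lines if l.startswith("crypto ipsec transform-set ")}
    nat0 = set(re.findall(r"^nat \(\S+\) 0 access-list (\S+)", "\n".join(lines), re.M))
    entries = {}    # (map name, sequence) -> {keyword: value}
    for l in lines:
        m = re.match(r"crypto map (\S+) (\d+) (match address|set peer|set transform-set) (\S+)", l)
        if m:
            entries.setdefault((m[1], m[2]), {})[m[3]] = m[4]
    findings = []
    for (name, seq), e in sorted(entries.items()):
        tag = f"crypto map {name} {seq}"
        for key in ("match address", "set peer", "set transform-set"):
            if key not in e:
                findings.append(f"{tag}: no '{key}' line")
        if "set transform-set" in e and e["set transform-set"] not in tsets:
            findings.append(f"{tag}: transform-set {e['set transform-set']} is not defined")
        exempt = set().union(*(acl.get(n, set()) for n in nat0))
        for flow in sorted(acl.get(e.get("match address"), set()) - exempt):
            holders = [n for n in acl if flow in acl[n] and n != e["match address"]]
            findings.append(f"{tag}: '{flow}' is not NAT-exempt"
                            + (f"; {holders[0]} lists it but is not attached to a nat command"
                               if holders else ""))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(ASA_5505)) or "no findings")
```

Run against the sample as posted it reports the unattached `NoNat-inside` list; with `NAT0_LINE` appended it reports nothing.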