ASA 5505 Tunnel Up no Traffic

michael_ali
Level 1

I am pretty new to configuring ASAs.

I have a Site-to-Site VPN setup between two ASA 5505s.

The Tunnel is up and one side is sending but not receiving while the other is receiving but not sending under the VPN monitoring tab.

The ASA that is receiving is our Main Office and it is connected to several other ASAs that are working as expected.

The setup for this is pretty basic. Cable modem with Static IP to ASA. No switches.

This is the third day I've been looking at this trying every troubleshooting step I can follow on the cisco forums.

ANY help or direction would be greatly appreciated.

This is the running config of the new ASA

: Saved
:
ASA Version 8.2(5)
!
hostname ciscoasa
enable password jkrpsRYtu8nSWLEb encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 192.168.1.0 trinity
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.3.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address xx.xx.xx.165 255.255.255.0
!
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 68.105.28.16
 name-server 68.105.29.16
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
! Crypto ACL (interesting traffic) and the matching NAT exemption ACL
access-list outside_1_cryptomap extended permit ip 192.168.3.0 255.255.255.0 trinity 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.3.0 255.255.255.0 trinity 255.255.255.0
access-list inside_access_in extended permit ip any any
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit tcp any interface outside eq 3389
access-list outside_access_in extended permit tcp any interface outside eq ftp
access-list outside_access_in extended permit ip 192.168.3.0 255.255.255.0 trinity 255.255.255.0
! NO-NAT and 111 repeat the crypto ACL and are not referenced by any nat or crypto map line below
access-list NO-NAT extended permit ip 192.168.3.0 255.255.255.0 trinity 255.255.255.0
access-list 111 extended permit ip 192.168.3.0 255.255.255.0 trinity 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
! nat 0 exempts tunnel traffic from the PAT rule that follows it
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 70.168.245.161 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.3.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
! Single L2L crypto map entry: crypto ACL, PFS, peer and transform-set
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group1
crypto map outside_map 1 set peer xx.xx.xx.170
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption des
 hash sha
 group 1
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.3.5-192.168.3.254 inside
dhcpd dns 68.105.28.16 68.105.29.16 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
! Tunnel-group keyed on the peer address; the pre-shared key must match on both sides
tunnel-group xx.xx.xx.170 type ipsec-l2l
tunnel-group xx.xx.xx.170 ipsec-attributes
 pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:0813c1c5c45fef815e91cd7aebab0906
: end
asdm location trinity 255.255.255.0 inside
no asdm history enable

Let me know if I need to post the Main Office's running-config.

Thanks,

Mike

18 Replies

Hi,

I don't think you need to reboot.

You could make sure that the VPN is not active by logging it out, then try to bring it back up and test actual connections.

- Jouni

Jouni,

You were right, the multiple L2L VPN configurations using the same ACL were causing the issue.

We had set those up before the ISP gave us our static IP just to test.

After I cleared out the ones you pointed out to me and logged off then back on, everything came through perfectly!

Thank you so much for the help; words don't even begin to explain how grateful I am!!

-Mike
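The fault Jouni spotted, a stale L2L entry whose crypto ACL covers the same subnets as the live one, is easy to miss by eye on a hub ASA with many peers. The following is an added example, not code from the thread: it parses the ACL, name and crypto map lines of a constructed 8.2-style config and reports crypto map entries whose ACLs overlap (only net/mask ACEs are handled; hostnames, peers and sequence numbers in the sample are made up).

```python
import ipaddress
from collections import defaultdict

# Constructed sample: a hub ASA where a pre-static-IP test entry (seq 1) was
# left next to the real branch entry (seq 2); seq 3 is a different branch.
SAMPLE_CONFIG = """
name 192.168.3.0 branch
access-list test_cryptomap extended permit ip 192.168.1.0 255.255.255.0 branch 255.255.255.0
access-list outside_2_cryptomap extended permit ip 192.168.1.0 255.255.255.0 branch 255.255.255.0
access-list outside_3_cryptomap extended permit ip 192.168.1.0 255.255.255.0 192.168.4.0 255.255.255.0
crypto map outside_map 1 match address test_cryptomap
crypto map outside_map 1 set peer 198.51.100.10
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set peer 203.0.113.165
crypto map outside_map 3 match address outside_3_cryptomap
crypto map outside_map 3 set peer 203.0.113.200
crypto map outside_map interface outside
"""

def parse(config):
    """Return ({acl: [(src_net, dst_net)]}, {(map, seq): {'acl':..., 'peer':...}})."""
    names, acls, maps = {}, defaultdict(list), defaultdict(dict)
    for line in config.strip().splitlines():
        parts = line.split()
        if not parts or parts[0] == "!":
            continue
        if parts[0] == "name":                                  # name <ip> <alias>
            names[parts[2]] = parts[1]
        elif parts[0] == "access-list" and parts[2:5] == ["extended", "permit", "ip"] and len(parts) == 9:
            acl, s, sm, d, dm = (parts[1], *parts[5:9])         # <net> <mask> <net> <mask> only
            acls[acl].append((ipaddress.ip_network(f"{names.get(s, s)}/{sm}"),
                              ipaddress.ip_network(f"{names.get(d, d)}/{dm}")))
        elif parts[:2] == ["crypto", "map"] and parts[3].isdigit():
            key = (parts[2], int(parts[3]))
            if parts[4:6] == ["match", "address"]:
                maps[key]["acl"] = parts[6]
            elif parts[4:6] == ["set", "peer"]:
                maps[key]["peer"] = parts[6]
    return acls, maps

def duplicate_crypto_entries(acls, maps):
    """Pairs of crypto map entries whose ACLs select overlapping src/dst flows.
    The lowest sequence wins, so the later peer's tunnel can be up yet carry nothing."""
    hits = set()
    entries = sorted(maps.items())
    for i, (k1, e1) in enumerate(entries):
        for k2, e2 in entries[i + 1:]:
            for s1, d1 in acls.get(e1.get("acl"), []):
                for s2, d2 in acls.get(e2.get("acl"), []):
                    if s1.overlaps(s2) and d1.overlaps(d2):
                        hits.add((k1, k2))
    return sorted(hits)
```

Run it against the output of `show running-config` from the hub; any pair it reports is a candidate for the `no crypto map ... ` cleanup described in the thread, after which the peer should be logged out and re-established.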

Hi,

Great to hear that it's working now.

Do remember to save the configurations on the devices. It would also be a great time to copy the configurations as backups to your computer, in case you run into some problematic situation in the future because of configuration changes. Then you will have something to fall back on to restore the situation to normal.

- Jouni

Hello Jouni,

Great work man! Kudos to U

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC