07-27-2022 03:54 PM
Hi,
I have an existing VPN between two sites. The VPN is up and traffic passes. Now I have a second network to join on the remote site, and I want to add the new network 10.2.1.0 to the VPN. I have done the configuration, but I get the following error with a packet-tracer test:
"
Phase: 8
Type: VPN
Subtype: encrypt
Result: DROP
Config:
Additional Information:
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule"
A default route exists and it routes.
This is the config of my VPN:
crypto ikev1 enable OUTSIDE
crypto ikev1 am-disable
crypto ikev1 policy 2
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto ikev1 policy 70
authentication pre-share
encryption 3des
hash sha
group 5
lifetime 86400
tunnel-group 100.100.100.100 type ipsec-l2l
tunnel-group 100.100.100.100 ipsec-attributes
ikev1 pre-shared-key *****
crypto ipsec ikev1 transform-set LibanFortinet esp-3des esp-sha-hmac
crypto map mymap 70 match address Acl_VPN
crypto map mymap 70 set pfs
crypto map mymap 70 set peer 100.100.100.100
crypto map mymap 70 set ikev1 transform-set LibanFortinet
crypto map mymap 70 set nat-t-disable
crypto map mymap interface OUTSIDE
access-list Acl_VPN extended permit ip 10.200.200.0 255.255.255.0 10.1.1.0 255.255.0.0
****** adding new network ******
access-list Acl_VPN extended permit ip 10.200.200.0 255.255.255.0 10.1.1.0 255.255.0.0
access-list Acl_VPN extended permit ip 10.200.200.0 255.255.255.0 10.2.1.0 255.255.0.0
****** information ******
A default route (route outside 0.0.0.0 0.0.0.0 gateway) already exists; that's why I don't add specific routing for the remote network.
07-27-2022 04:10 PM
As far as I know, the ASA does not support multiple SAs (multiple ACLs),
so the solution is VTI.
07-27-2022 04:15 PM
Hello,
can you explain what VTI means?
07-27-2022 04:42 PM
07-28-2022 12:00 AM
@seckka21 please provide the full output of the packet-tracer you ran.
Check the ACL and whether you've got a VPN filter denying the traffic. Also check whether you need a NAT exemption rule.
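Added example (not posted by anyone in this thread): a small Python checker that parses the `access-list ... extended permit ip` entries of a crypto ACL, flags entries whose address has host bits set under the given mask (as with `10.1.1.0 255.255.0.0` and `10.2.1.0 255.255.0.0` above, where the mask is /16 but the address is a /24 network), and then tests a source/destination pair the way a first-match lookup would, so you can see whether a packet-tracer flow should be selected for encryption by the crypto map at all before looking at VPN filters or NAT exemption. The two ACE lines in `SAMPLE_ACL` are copied from the post; everything else (function names, the normalization warning) is this example's own and assumes nothing about a live ASA.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample input: the two crypto ACL entries quoted in the thread,
# pasted as text (this is not output pulled from a live ASA).
SAMPLE_ACL = """
access-list Acl_VPN extended permit ip 10.200.200.0 255.255.255.0 10.1.1.0 255.255.0.0
access-list Acl_VPN extended permit ip 10.200.200.0 255.255.255.0 10.2.1.0 255.255.0.0
"""

# Only the "extended permit|deny ip <net> <mask> <net> <mask>" form is handled;
# object-group and port-based entries are out of scope for this check.
ACE_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+extended\s+(?P<action>permit|deny)\s+ip\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\s+(?P<smask>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\s+(?P<dmask>\d+\.\d+\.\d+\.\d+)\s*$"
)


@dataclass
class Ace:
    name: str
    action: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    warnings: list = field(default_factory=list)


def _net(addr: str, mask: str):
    """Build the network; warn when the address has host bits set under the mask.

    ipaddress normalizes the pair to the containing network. What the ASA itself
    stored for such an entry must be confirmed in its running config.
    """
    try:
        return ipaddress.IPv4Network(f"{addr}/{mask}", strict=True), None
    except ValueError:
        net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
        return net, f"{addr} {mask}: host bits set under mask, normalized here to {net}"


def parse_acl(text: str) -> list:
    """Parse crypto ACL entries in order; unrecognized lines are skipped."""
    aces = []
    for line in text.strip().splitlines():
        m = ACE_RE.match(line.strip())
        if not m:
            continue
        src, w_src = _net(m["src"], m["smask"])
        dst, w_dst = _net(m["dst"], m["dmask"])
        aces.append(Ace(m["name"], m["action"], src, dst,
                        [w for w in (w_src, w_dst) if w]))
    return aces


def match_flow(aces: list, src_ip: str, dst_ip: str):
    """First matching entry wins, as on the ASA; None means the implicit deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for ace in aces:
        if s in ace.src and d in ace.dst:
            return ace
    return None


def would_encrypt(aces: list, src_ip: str, dst_ip: str) -> bool:
    """True if the flow hits a permit entry, i.e. the crypto map would select it."""
    ace = match_flow(aces, src_ip, dst_ip)
    return ace is not None and ace.action == "permit"


if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    for ace in acl:
        print(f"{ace.name}: {ace.action} {ace.src} -> {ace.dst}")
        for w in ace.warnings:
            print("  WARNING:", w)
    # A host in the new remote network and an unrelated destination, as test flows.
    for src, dst in (("10.200.200.5", "10.2.1.10"), ("10.200.200.5", "192.168.1.1")):
        print(f"{src} -> {dst}: {'encrypt' if would_encrypt(acl, src, dst) else 'no match'}")
```

Run it with the crypto ACL copied out of `show running-config access-list` and the exact source/destination you gave to packet-tracer. If the flow matches a permit entry here but packet-tracer still shows `Subtype: encrypt ... acl-drop`, the crypto ACL is not the problem and the next things to inspect are a `vpn-filter` on the group policy and the NAT rules (a missing or misordered NAT exemption changes the addresses before the crypto map sees them). If the checker prints a warning for an entry, make sure both peers agree on the exact proxy identities, since mismatched networks on the two sides also result in no usable SA.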