Pix 515e with Mikrotik

opnineopnine
Level 1

Hi all,

I'm trying to connect the PIX 515 with the Mikrotik via IPsec VPN, but it is not even doing Phase 1.

This is the link I'm using as reference.

http://wiki.mikrotik.com/wiki/MikroTik_router_to_CISCO_PIX_Firewall_IPSEC

Thanks all. 

21 Replies

Yes, but this is the Phase 1 tunnel. The IPsec SA is Phase 2, which will show if encryption and decryption of data is happening.

peer address: 1.1.1.1
    Crypto map tag: outside_map, seq num: 51, local addr: 200.80.147.254

      access-list test permit ip 192.168.100.0 255.255.255.0 192.168.22.0 255.255.255.0 
      local ident (addr/mask/prot/port): (192.168.100.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (192.168.22.0/255.255.255.0/0/0)
      current_peer: 1.1.1.1

      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 44147, #pkts decrypt: 44147, #pkts verify: 44147
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
      #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
      #send errors: 0, #recv errors: 0

      local crypto endpt.: 1.1.1.2, remote crypto endpt.: 1.1.1.1

      path mtu 1500, ipsec overhead 58, media mtu 1500
      current outbound spi: 0B47667C

    inbound esp sas:
      spi: 0x3552F180 (894628224)
         transform: esp-3des esp-md5-hmac no compression 
         in use settings ={L2L, Tunnel, PFS Group 2, }
         slot: 0, conn_id: 5992448, crypto-map: outside_map
         sa timing: remaining key lifetime (kB/sec): (4373270/8059)
         IV size: 8 bytes
         replay detection support: Y
Anti replay bitmap: 
        0xFFFFFFFF 0xFFFFFFFF
    outbound esp sas:
      spi: 0x0B47667C (189228668)
         transform: esp-3des esp-md5-hmac no compression 
         in use settings ={L2L, Tunnel, PFS Group 2, }
         slot: 0, conn_id: 5992448, crypto-map: outside_map
         sa timing: remaining key lifetime (kB/sec): (4374000/8059)
         IV size: 8 bytes
         replay detection support: Y
Anti replay bitmap: 
        0x00000000 0x00000001

Packets are being decrypted, so it means traffic is coming from the other side to this side.

But since the encryption count is 0, it doesn't seem that this end of the tunnel is sending packets to the other side.

Make sure that ICMP is allowed on the inside interface, and also check the crypto map and routes.
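A small checker for exactly this reading of the counters, added here as an illustration and not posted by anyone in the thread. It parses the packet counters from `show crypto ipsec sa` output (the sample below is constructed from the figures quoted above) and classifies each peer's tunnel as bidirectional, receive-only, send-only or idle, which is the first question to answer before looking at the crypto ACL, NAT exemption and routing.

```python
import re

# Constructed sample, trimmed from the "show crypto ipsec sa" output quoted in this thread.
SAMPLE = """\
peer address: 1.1.1.1
    Crypto map tag: outside_map, seq num: 51, local addr: 200.80.147.254

      local ident (addr/mask/prot/port): (192.168.100.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (192.168.22.0/255.255.255.0/0/0)
      current_peer: 1.1.1.1

      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 44147, #pkts decrypt: 44147, #pkts verify: 44147
      #send errors: 0, #recv errors: 0
"""

# Matches counters such as "#pkts encaps: 0" and "#send errors: 0".
COUNTER_RE = re.compile(
    r"#(pkts (?:encaps|decaps|encrypt|decrypt)|send errors|recv errors): (\d+)"
)


def parse_sa_counters(text):
    """Return {counter_name: value} for the packet counters in one SA block."""
    return {name: int(val) for name, val in COUNTER_RE.findall(text)}


def parse_show_crypto_ipsec_sa(text):
    """Split the command output into per-peer blocks: {peer_ip: counters}."""
    result = {}
    for block in re.split(r"(?m)^peer address: ", text)[1:]:
        peer, _, body = block.partition("\n")
        result[peer.strip()] = parse_sa_counters(body)
    return result


def diagnose(counters):
    """Classify traffic direction from the encaps/decaps counters of one SA."""
    if counters.get("send errors", 0) or counters.get("recv errors", 0):
        return "errors"
    enc = counters.get("pkts encaps", 0)
    dec = counters.get("pkts decaps", 0)
    if enc and dec:
        return "bidirectional"
    if dec and not enc:
        # The thread's case: the far end sends, this end never encrypts.
        # Usual causes: crypto ACL, NAT exemption (the fix here), routing.
        return "receive-only"
    if enc and not dec:
        return "send-only"
    return "idle"


if __name__ == "__main__":
    for peer, counters in parse_show_crypto_ipsec_sa(SAMPLE).items():
        print(peer, diagnose(counters))  # 1.1.1.1 receive-only
```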

I got it to work, I was missing the no_nat ACL.

Thanks for all your help!!

Based on the debug it says "All SA proposals found unacceptable". I think the "running config" would be needed. What is the version of the PIX?

BTW, I just found that in your link both the router and the PIX have the peer as "1.0.0.2", which is not correct. Hope you have not configured it similarly. The peer should be the IP address of the outside interface of the neighbor device.

Hi,

On the PIX your IPsec transform set is

crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

while from the link, the transform set of the router is

crypto ipsec transform-set myset esp-des esp-sha-hmac ////This is a mismatch

Also on the router the isakmp policy is

crypto isakmp policy 20
      authentication pre-share
      hash md5

Hopefully the router is using the default encryption "des" and group 2. If not, try to manually set it to these values, so that there is no mismatch.

Also, if you are simply copying the configuration from the link you provided, then make sure the peer address is set correctly, as the link has a wrong config.

Thanks
