Site-to site vpn with ASA 5525-X doesn't work

Rowlands Price
Level 1

Dear Support,

 

I used a Cisco ASA 5520 with a site-to-site VPN to a Cisco router, and the VPN was running well.

Recently I decided to migrate my ASA 5520 to an ASA 5525-X and configured the VPN on the ASA 5525-X.

My issue is that the VPN doesn't come up.

When I go back to the ASA 5520 it works properly; I think the issue is my config on the ASA 5525-X.

Can somebody help solve this?

Attached are both Cisco ASA configs.

 

Many Thanks

 

Accepted Solution

Looks like you are decrypting traffic ok, but nothing is being encrypted.

 

#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 34, #pkts decrypt: 34, #pkts verify: 34

 

I would imagine the problem is NAT and the VPN traffic is matching the first rule:

 

nat (inside,outside) source dynamic OBJ_GENERAL_ALL interface

 

You can confirm this by using the command show nat; you should probably see this NAT rule above the no-NAT rule for the VPN networks and no hits on the other NAT rule.

 

You could move this nat rule to Manual NAT Section 3.

 

no nat (inside,outside) source dynamic OBJ_GENERAL_ALL interface

nat (inside,outside) after-auto source dynamic OBJ_GENERAL_ALL interface

 

HTH
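To make the rule-ordering argument above concrete, here is an added Python model of how the ASA walks its NAT sections (Section 1 manual NAT, Section 2 auto/object NAT, Section 3 manual NAT after-auto, first match wins) and then checks the post-NAT packet against the crypto ACL. This is illustration code written for this thread, not Cisco code and not the poster's configuration. It assumes that OBJ_GENERAL_ALL covers the whole inside range, that the "no-NAT rule for the VPN networks" has the usual `source static LOCAL LOCAL destination static REMOTE REMOTE` shape, and it takes the subnets and the outside address (10.4.2.0/24, 192.168.10.0/24, 1.1.1.1) from the `sh cry ipsec sa` output posted later in the thread.

```python
"""Added model of ASA NAT section ordering (Section 1 manual, 2 auto, 3 after-auto)."""
import ipaddress
from dataclasses import dataclass

# Addresses taken from the crypto ACL and SA output in this thread
LOCAL_NET = ipaddress.ip_network("10.4.2.0/24")
REMOTE_NET = ipaddress.ip_network("192.168.10.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
OUTSIDE_IP = ipaddress.ip_address("1.1.1.1")   # PAT address when the rule says "interface"


@dataclass
class NatRule:
    name: str
    section: int                   # 1 = manual NAT, 2 = auto (object) NAT, 3 = manual NAT after-auto
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network     # ANY when the rule carries no destination match
    identity: bool                 # True = source left unchanged (no-NAT), False = PAT to OUTSIDE_IP
    hits: int = 0


def build_rules(dynamic_after_auto: bool) -> list:
    """The dynamic PAT rule from the thread plus an assumed identity rule for the VPN subnets.

    Assumption: OBJ_GENERAL_ALL covers the whole inside range, and the no-NAT rule has the
    usual 'source static LOCAL LOCAL destination static REMOTE REMOTE' shape.
    """
    return [
        NatRule("nat (inside,outside) source dynamic OBJ_GENERAL_ALL interface",
                3 if dynamic_after_auto else 1, ANY, ANY, identity=False),
        NatRule("nat (inside,outside) source static LOCAL LOCAL destination static REMOTE REMOTE",
                1, LOCAL_NET, REMOTE_NET, identity=True),
    ]


def nat_lookup(rules, src_ip, dst_ip):
    """First match wins: section 1, then 2, then 3, configuration order within a section."""
    ordered = sorted(enumerate(rules), key=lambda item: (item[1].section, item[0]))
    for _, rule in ordered:
        if src_ip in rule.src and dst_ip in rule.dst:
            rule.hits += 1
            return rule, (src_ip if rule.identity else OUTSIDE_IP)
    return None, src_ip


def matches_crypto_acl(src_ip, dst_ip) -> bool:
    """access-list outside_cryptomap extended permit ip 10.4.2.0/24 192.168.10.0/24."""
    return src_ip in LOCAL_NET and dst_ip in REMOTE_NET


def will_encrypt(dynamic_after_auto: bool, src="10.4.2.10", dst="192.168.10.10"):
    """Trace one inside-to-remote packet: (matched rule, post-NAT source, encrypted?).

    The crypto map is evaluated on the packet after NAT, so a PATed source no longer
    matches the crypto ACL and the packet is routed out unencrypted (encaps stays at 0).
    """
    rules = build_rules(dynamic_after_auto)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    rule, translated = nat_lookup(rules, s, d)
    return rule.name, str(translated), matches_crypto_acl(translated, d)


if __name__ == "__main__":
    for after_auto in (False, True):
        print("after-auto:" if after_auto else "section 1: ", will_encrypt(after_auto))
```

Run as-is it prints the two cases: with the dynamic rule in Section 1 the packet is PATed to 1.1.1.1 and never matches the crypto ACL (the `#pkts encaps: 0` symptom), while with `after-auto` the identity rule wins first and the packet keeps its 10.4.2.x source and is encrypted.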


7 Replies

Hi,

Please can you enable debugging with "debug crypto ikev1" on the 5525-X ASA and upload it here for review.

 

 

Hi RJI,

I can't debug because I went back to the old ASA; I can do a new test maybe on Saturday when users will be out of the office.

You probably want to clean up your 5525-X config by removing unnecessary IKEv2 configuration.

Hi Joseph.

 

I already removed the IKEv2; still not working.

Attached is the other site's router configuration, which is working with the 5520.

Hi Dear

 

Here is the debug crypto ikev1:

 

Apr 18 16:41:57 [IKEv1]IP = 94.107.139.137, Header invalid, missing SA payload! (next payload = 133)
Apr 18 16:41:58 [IKEv1]IP = 94.107.139.137, Header invalid, missing SA payload! (next payload = 133)
Apr 18 16:41:59 [IKEv1]IP = 94.107.139.137, Header invalid, missing SA payload! (next payload = 133)
Apr 18 16:42:00 [IKEv1]IP = 94.107.139.137, Header invalid, missing SA payload! (next payload = 133)
Apr 18 16:42:00 [IKEv1]IP = 94.107.139.137, Header invalid, missing SA payload! (next payload = 133)
Apr 18 16:42:03 [IKEv1]IP = 94.107.139.137, Header invalid, missing SA payload! (next payload = 133)
Apr 18 16:42:06 [IKEv1]IP = 94.107.139.137, Header invalid, missing SA payload! (next payload = 133)
Apr 18 16:42:07 [IKEv1]IP = 94.107.139.137, Header invalid, missing SA payload! (next payload = 133)
Apr 18 16:42:08 [IKEv1]IP = 94.107.139.137, Header invalid, missing SA payload! (next payload = 133)

 

Here is sh crypto:

 

ciscoasa# sh cry ipsec sa
interface: outside
Crypto map tag: outside_map, seq num: 2, local addr: 1.1.1.1

access-list outside_cryptomap extended permit ip 10.4.2.0 255.255.255.0 192.168.10.0 255.255.255.0
local ident (addr/mask/prot/port): (10.4.2.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
current_peer: 2.2.2.2


#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 34, #pkts decrypt: 34, #pkts verify: 34
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#TFC rcvd: 0, #TFC sent: 0
#Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
#send errors: 0, #recv errors: 0

local crypto endpt.: 1.1.1.1/0, remote crypto endpt.: 2.2.2.2/0
path mtu 1500, ipsec overhead 58(36), media mtu 1500
PMTU time remaining (sec): 0, DF policy: copy-df
ICMP error validation: disabled, TFC packets: disabled
current outbound spi: 0BEDD314
current inbound spi : A1404C65

inbound esp sas:
spi: 0xA1404C65 (2705345637)
SA State: active
transform: esp-des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, IKEv1, }
slot: 0, conn_id: 86437888, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (3914996/2936)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000007 0xFFFFFFFF
outbound esp sas:
spi: 0x0BEDD314 (200135444)
SA State: active
transform: esp-des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, IKEv1, }
slot: 0, conn_id: 86437888, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (3915000/2936)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001

ciscoasa#
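Reading the SA counters the way the accepted answer does can be scripted so the one-way pattern is caught as soon as the output is collected. The following Python parser is an added example written for this thread (not Cisco code and not from the thread's posters): it splits `show crypto ipsec sa` output into one record per crypto-map entry, pulls the `#pkts encaps/decaps` counters and the identities, and classifies the encaps/decaps pair. The `SAMPLE` string is a constructed excerpt of the output posted above; the diagnosis strings are my own wording.

```python
"""Added parser for ASA 'show crypto ipsec sa' counters that flags one-way tunnels."""
import re

# Constructed excerpt of the output posted in the thread (one crypto-map entry)
SAMPLE = """\
interface: outside
Crypto map tag: outside_map, seq num: 2, local addr: 1.1.1.1

access-list outside_cryptomap extended permit ip 10.4.2.0 255.255.255.0 192.168.10.0 255.255.255.0
local ident (addr/mask/prot/port): (10.4.2.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
current_peer: 2.2.2.2

#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 34, #pkts decrypt: 34, #pkts verify: 34
#send errors: 0, #recv errors: 0
"""

HEADER = re.compile(r"Crypto map tag: (\S+), seq num: (\d+), local addr: (\S+)")
PEER = re.compile(r"current_peer: (\S+)")
IDENT = re.compile(r"(local|remote) ident \(addr/mask/prot/port\): \(([^)]*)\)")
COUNTER = re.compile(r"#pkts (encaps|decaps|encrypt|decrypt|verify|digest): (\d+)")


def parse_ipsec_sa(text: str) -> list:
    """One dict per crypto-map entry; the output repeats the 'Crypto map tag:' header per entry."""
    records = []
    for chunk in re.split(r"(?m)^(?=Crypto map tag:)", text):
        header = HEADER.match(chunk)
        if not header:
            continue  # text before the first entry, e.g. 'interface: outside'
        rec = {"map": header.group(1), "seq": int(header.group(2)), "local_addr": header.group(3),
               "peer": None, "local": None, "remote": None}
        peer = PEER.search(chunk)
        rec["peer"] = peer.group(1) if peer else None
        for side, ident in IDENT.findall(chunk):
            rec[side] = ident
        for name, value in COUNTER.findall(chunk):
            rec[name] = int(value)
        records.append(rec)
    return records


def diagnose(rec: dict) -> str:
    """Classify the counter pattern; the encaps/decaps pair is the tell for one-way traffic."""
    enc, dec = rec.get("encaps", 0), rec.get("decaps", 0)
    if enc == 0 and dec > 0:
        return ("one-way: peer traffic is decrypted but nothing is encrypted; local traffic for "
                f"{rec.get('local')} -> {rec.get('remote')} is not reaching the crypto map "
                "(check NAT rule order and routing)")
    if enc > 0 and dec == 0:
        return "one-way: traffic is encrypted but nothing comes back; check the remote side"
    if enc == 0 and dec == 0:
        return "idle: no interesting traffic has hit this SA yet"
    return "healthy: traffic flows in both directions"


if __name__ == "__main__":
    for sa in parse_ipsec_sa(SAMPLE):
        print(sa["map"], sa["seq"], sa["peer"], diagnose(sa))
```

On the sample this reports the entry for peer 2.2.2.2 as one-way (decrypted but not encrypted), which is exactly the counter pair the accepted answer points at; on a full `show crypto ipsec sa` dump with several peers it reports each entry separately.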

Hi RJI,

 

Many thanks for your support, it solved my issue. Now the VPN is up and working.
