
telnet issue with private ip while no issue with public ip

amjadkhan1920
Level 1

Dear all,

I need your help. I have an IPsec split tunnel with a branch router. Once I put in the IPsec parameters and establish the IPsec tunnel, the LAN (private address) does not work properly: sometimes telnet to the LAN IP works, but the session frequently terminates, while the WAN (public) works smoothly with no telnet issue. Second, I am also facing packet drops on the LAN but no drops on the WAN. I need your suggestions, please.

Accepted Solutions

Deepak Kumar
VIP Alumni

Hi,

Please share your VPN Configuration.

 

Regards,

Deepak Kumar



Dear team,

Please find it below:

crypto isakmp policy 2
encr aes 256
authentication pre-share
group 2
crypto isakmp key abraj address 62.149.81.49
!
!
crypto ipsec transform-set new esp-aes 256 esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to62.149.81.49
set peer 62.149.81.49
set transform-set new
match address 100
!
!
!
!
interface FastEthernet0/0
description WAN-PORT-FDR15-Sw1-4/47
ip address 10.16.118.100 255.255.255.0
ip nat outside
ip virtual-reassembly
speed 100
full-duplex
crypto map SDM_CMAP_1
!
interface FastEthernet0/1
description LAN-PORT-FDR15-Sw1-4/48
ip address 10.64.77.10 255.255.255.0
ip nat inside
ip virtual-reassembly
speed 100
full-duplex
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.16.118.250
ip route 10.65.168.0 255.255.255.0 10.10.20.1
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source route-map SDM_RMAP_2 interface FastEthernet0/0 overload
!
access-list 100 remark CCP_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 10.64.77.0 0.0.0.255 10.64.4.0 0.0.3.255
access-list 100 remark IPSec Rule
access-list 100 permit ip 10.64.77.0 0.0.0.255 10.65.168.0 0.0.0.255
access-list 100 remark IPSec Rule
access-list 100 permit ip 10.64.77.0 0.0.0.255 10.67.33.0 0.0.0.255
access-list 100 remark IPSec Rule
access-list 100 permit ip 10.64.77.0 0.0.0.255 172.25.124.0 0.0.0.255
access-list 100 remark IPSec Rule
access-list 100 permit ip 10.64.77.0 0.0.0.255 10.67.32.0 0.0.0.255
access-list 100 remark IPSec Rule
access-list 100 permit ip 10.64.77.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 100 remark CCP_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 remark IPSec Rule
access-list 100 remark IPSec Rule
access-list 100 remark IPSec Rule
access-list 100 remark IPSec Rule
access-list 100 remark IPSec Rule
access-list 101 remark CCP_ACL Category=16
access-list 101 remark IPSec Rule
access-list 101 deny ip 10.64.77.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 101 remark IPSec Rule
access-list 101 deny ip 10.64.77.0 0.0.0.255 10.67.32.0 0.0.0.255
access-list 101 remark IPSec Rule
access-list 101 deny ip 10.64.77.0 0.0.0.255 172.25.124.0 0.0.0.255
access-list 101 remark IPSec Rule
access-list 101 deny ip 10.64.77.0 0.0.0.255 10.67.33.0 0.0.0.255
access-list 101 remark IPSec Rule
access-list 101 deny ip 10.64.77.0 0.0.0.255 10.65.168.0 0.0.0.255
access-list 101 remark IPSec Rule
access-list 101 deny ip 10.64.77.0 0.0.0.255 10.64.4.0 0.0.3.255
access-list 101 permit ip 10.64.77.0 0.0.0.255 any
access-list 101 remark CCP_ACL Category=16
access-list 101 remark IPSec Rule
access-list 101 remark IPSec Rule
access-list 101 remark IPSec Rule
access-list 101 remark IPSec Rule
access-list 101 remark IPSec Rule
access-list 101 remark IPSec Rule
!
route-map SDM_RMAP_2 permit 1
match ip address 101
!
!
!

Hello,

Try and make the split tunnel access lists exact mirrors of each other. So, make access list 101 look like below:

--> no access-list 101

access-list 101 deny ip 10.64.77.0 0.0.0.255 10.64.4.0 0.0.3.255
access-list 101 deny ip 10.64.77.0 0.0.0.255 10.65.168.0 0.0.0.255
access-list 101 deny ip 10.64.77.0 0.0.0.255 10.67.33.0 0.0.0.255
access-list 101 deny ip 10.64.77.0 0.0.0.255 172.25.124.0 0.0.0.255
access-list 101 deny ip 10.64.77.0 0.0.0.255 10.67.32.0 0.0.0.255
access-list 101 deny ip 10.64.77.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 101 permit ip 10.64.77.0 0.0.0.255 any
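
One way to check the mirror condition described in the reply above, as an added example that is not part of the original thread: the script parses ACL 100 (the crypto map match list) and ACL 101 (the NAT route-map list) and reports crypto-protected flows that have no NAT-exempt deny ahead of an overlapping permit, plus exemptions with no matching crypto entry. The function names are hypothetical, and the parser is narrowed to `ip` entries with an address/wildcard source and an address/wildcard or `any` destination.

```python
import ipaddress
import re

# Constructed sample input: the ACL 100 / ACL 101 entries quoted in the thread.
SAMPLE = """
access-list 100 permit ip 10.64.77.0 0.0.0.255 10.64.4.0 0.0.3.255
access-list 100 permit ip 10.64.77.0 0.0.0.255 10.65.168.0 0.0.0.255
access-list 100 permit ip 10.64.77.0 0.0.0.255 10.67.33.0 0.0.0.255
access-list 100 permit ip 10.64.77.0 0.0.0.255 172.25.124.0 0.0.0.255
access-list 100 permit ip 10.64.77.0 0.0.0.255 10.67.32.0 0.0.0.255
access-list 100 permit ip 10.64.77.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 101 deny ip 10.64.77.0 0.0.0.255 10.2.1.0 0.0.0.255
access-list 101 deny ip 10.64.77.0 0.0.0.255 10.67.32.0 0.0.0.255
access-list 101 deny ip 10.64.77.0 0.0.0.255 172.25.124.0 0.0.0.255
access-list 101 deny ip 10.64.77.0 0.0.0.255 10.67.33.0 0.0.0.255
access-list 101 deny ip 10.64.77.0 0.0.0.255 10.65.168.0 0.0.0.255
access-list 101 deny ip 10.64.77.0 0.0.0.255 10.64.4.0 0.0.3.255
access-list 101 permit ip 10.64.77.0 0.0.0.255 any
"""

ACE = re.compile(r"^\s*access-list (\d+) (permit|deny) ip (\S+) (\S+) (any|\S+ \S+)\s*$")

def _net(addr, wildcard):
    # ipaddress treats a mask that is not a valid netmask as a host (wildcard) mask.
    return ipaddress.ip_network(f"{addr}/{wildcard}", strict=False)

def parse_acl(config, number):
    """Return ordered (action, src, dst) entries for one ACL; remarks are skipped."""
    entries = []
    for line in config.splitlines():
        m = ACE.match(line)
        if m and m.group(1) == number:
            dst = _net("0.0.0.0", "0") if m.group(5) == "any" else _net(*m.group(5).split())
            entries.append((m.group(2), _net(m.group(3), m.group(4)), dst))
    return entries

def nat_exempt_gaps(config, crypto_acl="100", nat_acl="101"):
    """Return (missing, extra): crypto flows not exempted from NAT, and stray exemptions."""
    protected = [(s, d) for a, s, d in parse_acl(config, crypto_acl) if a == "permit"]
    exempt, permits = [], []
    for action, s, d in parse_acl(config, nat_acl):
        if action == "permit":
            permits.append((s, d))
        # A deny placed after an overlapping permit is treated as shadowed (conservative).
        elif not any(s.overlaps(ps) and d.overlaps(pd) for ps, pd in permits):
            exempt.append((s, d))
    covered = lambda p: any(p[0].subnet_of(es) and p[1].subnet_of(ed) for es, ed in exempt)
    fmt = lambda p: f"{p[0]} -> {p[1]}"
    return ([fmt(p) for p in protected if not covered(p)],
            [fmt(e) for e in exempt if e not in protected])
```

Calling `nat_exempt_gaps(SAMPLE)` returns two lists; an entry in the first list is a flow that would be translated by the `overload` rule before the crypto map sees it, so it would no longer match ACL 100.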

Hi,

I tried the same as you provided, but there is still the issue with telnet and packet drops.
