10-01-2012 11:18 AM
Hello All,
I'm in need of some advice and really it is 2 questions.
I have a site where a Cisco 881 is sitting behind a cable modem (EPC3925) which unfortunately has the bridge mode disabled, and I need to build a VPN to the 10.0.0.0/16 subnet. But I'm having trouble, so I have switched to trying to build a VPN to the EPC3925.
I've had some success and I get phase 2 between the 877 connected to NetB and the EPC, but I cannot pass traffic. See below.
NetA 10.0.0.0/22----------881(DMZ192.168.1.254)----------(e0-192.168.1.1)EPC3925---------(internet)------------877-----------------NetB 172.16.4.0/24
My 877 router config:
crypto isakmp policy 20
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key inacsnp! address 0.0.0.0 0.0.0.0
!
crypto ipsec security-association lifetime seconds 28800
!
crypto ipsec transform-set strongsha esp-3des esp-sha-hmac
!
crypto ipsec profile encrypt-tunnel
 set security-association lifetime seconds 3600
 set transform-set vpnset
!
!
crypto map tosonicwall 20 ipsec-isakmp
 set peer Y.Y.26.135
 set transform-set strongsha
 match address 115
!
interface Dialer0
 crypto map tosonicwall
!
access-list 115 permit ip 172.16.0.0 0.0.255.255 192.168.1.0 0.0.0.255
The UPC is set as shown in the attached images.
Any pointers would be appreciated as I've been bashing my head against the screen all day.
CSWALR01#sh crypto ipsec sa
interface: Dialer0
Crypto map tag: tosonicwall, local addr X.X.46.191
protected vrf: (none)
local ident (addr/mask/prot/port): (172.16.0.0/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
current_peer Y.Y.26.135 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: X.X.46.191, remote crypto endpt.: Y.Y.26.135
path mtu 1500, ip mtu 1500, ip mtu idb Dialer0
current outbound spi: 0x45C2000(73146368)
inbound esp sas:
spi: 0x3A8FB0E9(982495465)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 9, flow_id: Motorola SEC 1.0:9, crypto map: tosonicwall
sa timing: remaining key lifetime (k/sec): (4603763/28515)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x45C2000(73146368)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 10, flow_id: Motorola SEC 1.0:10, crypto map: tosonicwall
sa timing: remaining key lifetime (k/sec): (4603763/28513)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
interface: Virtual-Access2
Crypto map tag: tosonicwall, local addr X.X.46.191
protected vrf: (none)
local ident (addr/mask/prot/port): (172.16.0.0/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
current_peer Y.Y.26.135 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: X.X.46.191, remote crypto endpt.: Y.Y.26.135
path mtu 1500, ip mtu 1500, ip mtu idb Dialer0
current outbound spi: 0x45C2000(73146368)
inbound esp sas:
spi: 0x3A8FB0E9(982495465)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 9, flow_id: Motorola SEC 1.0:9, crypto map: tosonicwall
sa timing: remaining key lifetime (k/sec): (4603763/28513)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x45C2000(73146368)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 10, flow_id: Motorola SEC 1.0:10, crypto map: tosonicwall
sa timing: remaining key lifetime (k/sec): (4603763/28512)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
interface: Vlan254
Crypto map tag: tosonicwall, local addr 192.168.254.1
protected vrf: (none)
local ident (addr/mask/prot/port): (172.16.0.0/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
current_peer Y.Y.26.135 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 192.168.254.1, remote crypto endpt.: Y.Y.26.135
path mtu 1500, ip mtu 1500, ip mtu idb Vlan254
current outbound spi: 0x0(0)
inbound esp sas:
inbound ah sas:
inbound pcp sas:
outbound esp sas:
outbound ah sas:
outbound pcp sas:
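Added example, not part of the original post: a small Python parser for `show crypto ipsec sa` output that separates the situation described above (ESP SAs ACTIVE in both directions while the encaps/decaps counters stay at 0) from interfaces that carry the crypto map but have no SA at all. The function names, the result labels and the trimmed sample text are constructed for illustration.

```python
import re

# Constructed sample: a trimmed excerpt in the shape of the output posted above.
SAMPLE = """\
interface: Dialer0
Crypto map tag: tosonicwall, local addr X.X.46.191
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
inbound esp sas:
Status: ACTIVE
outbound esp sas:
Status: ACTIVE
interface: Vlan254
Crypto map tag: tosonicwall, local addr 192.168.254.1
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
inbound esp sas:
outbound esp sas:
"""

def parse_ipsec_sa(text):
    """Return one dict per 'interface:' block: packet counters and ACTIVE ESP SA counts."""
    blocks, cur, direction = [], None, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"interface:\s*(\S+)", line):
            cur = {"interface": m.group(1), "encaps": 0, "decaps": 0,
                   "active": {"inbound": 0, "outbound": 0}}
            blocks.append(cur)
            direction = None
        elif cur is None:
            continue  # ignore anything before the first interface block
        elif m := re.match(r"#pkts (encaps|decaps):\s*(\d+)", line):
            cur[m.group(1)] = int(m.group(2))
        elif m := re.match(r"(inbound|outbound) (esp|ah|pcp) sas:", line):
            # Only ESP sections are counted; AH/PCP sections reset the direction.
            direction = m.group(1) if m.group(2) == "esp" else None
        elif line == "Status: ACTIVE" and direction:
            cur["active"][direction] += 1
    return blocks

def diagnose(block):
    """Classify a block as no-sa, sa-up-no-traffic, one-way or passing."""
    if not (block["active"]["inbound"] and block["active"]["outbound"]):
        return "no-sa"
    if block["encaps"] == 0 and block["decaps"] == 0:
        return "sa-up-no-traffic"
    if block["encaps"] == 0 or block["decaps"] == 0:
        return "one-way"
    return "passing"
```

Run against two captures taken a minute apart while pinging across the tunnel: an encaps counter that never moves means traffic is not matching the crypto ACL on the local side, while encaps rising with decaps at 0 points at the remote end or the return path.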
10-09-2012 10:09 AM
Bump. Has anyone got any thoughts on this? Any ideas appreciated.