Configuring IPSec VPN tunnel on ASA5505 v8.31

whiteleyjl
Level 1

I'm having trouble configuring an ASA5505 on version 8.31 code for an IPSec tunnel.  I've done this multiple times on 8.2.5 but can't seem to get my tunnel to even attempt to come up on this ASA.  Not sure if it's relevant or not, but this remote ASA has never been used for another VPN tunnel before.  When I attempt to ping a host on the other side of my tunnel, I just see the following:

8108# sho crypto isa sa
There are no isakmp sas

Please see attached config and help.  My local network is 10.1.1.X/24 and my remote peer network contains 66.37.227.X/24.  I've been working on this for the better part of the day and would love to get it resolved.  Thank you!

8 Replies

Tarik Admani
VIP Alumni

Joshua,

I noticed you don't have a nat statement to exempt the traffic to the remote network. You mentioned that the remote end hasn't been configured, but you are looking to see if the debugs show the packet attempting to bring the tunnel up but not exactly come up?

You can try to debug crypto isakmp, and enter the following nat statement so that the source network doesn't get translated:

object network remote
 subnet 66.37.227.0 255.255.255.0
nat (inside,outside) source static obj-Sirius obj-Sirius destination static remote remote

Then try to ping the remote end.

Here is the section on configuring twice nat:

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_rules.html#wp1231100

Thanks,

Tarik Admani
*Please rate helpful posts*

I added your suggested NAT line and it still doesn't work.  When I run packet tracer program, and ping from 10.1.1.10 or another random inside address other than 10.1.1.1 the simulation works, but it doesn't work when I put 10.1.1.1 as the source.

Sorry for the confusion, but the other side of the tunnel is configured and I have verified all settings such as Crypto map, encryption domain, pre-shared key, and ISAKMP as well as IPSEC configurations.  But when I ping from my side to the remote end, it's as though it doesn't even attempt to bring up the tunnel.  At least when I ping from the remote side (I have access to both), that side brings up a tunnel with a WAIT_MSG_2.

Thank you for your assistance.

Can you issue the command "management-access inside" and then try to ping the destination address?

Please make sure the nat statements on the other end are correct.

Thanks,

Tarik Admani
*Please rate helpful posts*

Done.  Please see attached config.

As for the NAT on the other side, this is my office's head ASA and we NAT for many customers on this ASA currently.  All I usually add for a remote customer (which would be represented as my remote ASA "8108," in this case) is the following ACL:

access-list Josh extended permit ip 66.37.227.0 255.255.255.0 10.1.204.0 255.255.255.0

The ping still failed after I added the management command.  Not sure what that did.

Try clearing the xlate for the 10.1.1.1 and the connections for this host and see if the pings then succeed. Also are you allowing pings through in your policy map?

policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect ip-options
  inspect icmp

Thanks,

Tarik Admani
*Please rate helpful posts*

Thank you for the continued support, but it's still not working after those changes.  I cleared xlates and added the policy map but still the pings fail.  I think it's some configuration that is simply not allowing the traffic over the tunnel or not recognizing that it needs to at least attempt to open the tunnel, because when I ping from the other side of the tunnel, it sends traffic over the tunnel and I get "WAIT_MSG_2", but on this side, when I'm pinging, I just keep typing:

"show crypto isa sa" and I just get:

8108(config)# sho crypto isa sa
There are no isakmp sas

Like it's not even trying.  As I'm sure you've seen, I have "crypto isakmp enable outside" which was what I first thought it was, but now I'm stumped.

Suggestions?  Updated config attached.

Josh,

How about this command:

crypto map outside_map interface outside

Thanks,

Tarik Admani
*Please rate helpful posts*

So, I've started trying to get this to work again and now I get the tunnel to at least try and come up, but I'm getting the following log results when I try to ping a 66.37.227.28 address:

%ASA-3-713042: IKE Initiator unable to find policy: Intf inside, Src: 10.1.204.164, Dst: 66.37.227.28

To add some clarity to my attached configuration, I'm trying to NAT my real addresses in the 10.1.1.0/24 range to a 10.1.204.0/24 if they are to travel over the VPN tunnel to the destination 66.37.227.0/24.  If they are not using the tunnel, then just normal interface NAT would apply.

Please see my attached config and try to help me find out why.

Thank you!
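Pulling together the twice-NAT exemption from the first reply and the policy NAT the last post describes (real 10.1.1.0/24 translated to 10.1.204.0/24 only for traffic to 66.37.227.0/24), here is an added example of what the 8.3 NAT and crypto map side could look like; it is not the poster's attached config or Cisco's own, and obj-Sirius, outside_map, the ACL name, the transform set and the peer address 203.0.113.1 are assumed placeholders. Note that on 8.3 NAT is applied before the crypto map lookup, so the crypto ACL has to match the translated 10.1.204.0/24 addresses (the source the 713042 message above reports), not the real 10.1.1.0/24 ones.

```cisco
! Added example, not the poster's config. Assumed names: obj-Sirius,
! obj-Sirius-vpn, vpn-to-remote, outside_map, ESP-AES-SHA, peer 203.0.113.1.
object network obj-Sirius
 subnet 10.1.1.0 255.255.255.0
 nat (inside,outside) dynamic interface
object network obj-Sirius-vpn
 subnet 10.1.204.0 255.255.255.0
object network remote
 subnet 66.37.227.0 255.255.255.0
!
! Manual (twice) NAT sits in section 1 and is evaluated before the object
! NAT above: traffic to the remote network gets 10.1.1.x -> 10.1.204.x
! (static net-to-net, no PAT); everything else falls through to interface PAT.
nat (inside,outside) source static obj-Sirius obj-Sirius-vpn destination static remote remote
!
! Crypto ACL on translated addresses, because NAT runs before the crypto
! map lookup on 8.3. The remote end's mirror ACL uses 66.37.227.0/24 -> 10.1.204.0/24.
access-list vpn-to-remote extended permit ip 10.1.204.0 255.255.255.0 66.37.227.0 255.255.255.0
!
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map outside_map 10 match address vpn-to-remote
crypto map outside_map 10 set peer 203.0.113.1
crypto map outside_map 10 set transform-set ESP-AES-SHA
crypto map outside_map interface outside
!
tunnel-group 203.0.113.1 type ipsec-l2l
tunnel-group 203.0.113.1 ipsec-attributes
 pre-shared-key PLACEHOLDER-PSK
!
! Verify from exec mode: the NAT and VPN phases should show the
! 10.1.204.x translation and a match on crypto map entry 10.
! packet-tracer input inside icmp 10.1.1.10 8 0 66.37.227.28 detailed
```

If the packet-tracer VPN phase reports no matching crypto map entry, compare the translated source it shows against the crypto ACL before touching the IKE settings.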