04-10-2010 10:32 PM
I need to configure a site-to-site VPN. One of the peers has a dynamic IP. The hostname of the peer is qpmmoroc.dyndns.org. I am able to ping this from the firewall, but how do I configure the peer using the hostname?
04-11-2010 04:34 AM
Unfortunately, that is not a supported configuration. You would need to configure a dynamic-to-static LAN-to-LAN tunnel as per the following sample configuration:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805733df.shtml
The VPN tunnel can only be initiated from the dynamic end.
04-11-2010 10:43 PM
Hi, I have 2 questions:
Is this possible in a multi-site scenario?
Don't we have to call any access list in the main site, which has the static IP?
04-12-2010 02:32 AM
1) You can have multiple dynamic sites connecting to the static site.
2) If it's dynamic, you don't have to configure an access-list; you would need to use a dynamic-map.
04-12-2010 02:51 AM
The tunnel actually got established, but I was facing a problem with traffic forwarding.
Moreover, I am also not able to put the following command in the remote ASA:
crypto map newmap 10 ipsec-isakmp
Can you please help me further?
04-12-2010 02:54 AM
What do you mean by you can't put the command: crypto map newmap 10 ipsec-isakmp?
Can you share the config, and also the output of what you tried to configure?
04-12-2010 05:37 AM
Hi,
I have established the tunnel.
Out of 2 sites, one site is working without any issues.
The other site's tunnel has been formed, but I am not able to ping any interesting traffic.
What all do I need to check?
04-12-2010 05:50 AM
Make sure the third site's LAN does not overlap with the other sites' LANs.
Is this the dynamic peer? So you are seeing Phase 1 - QM_IDLE, and can you share the output of "show crypto ipsec sa peer
04-12-2010 05:53 AM
I have changed the IP addresses. Please don't mind.
sh crypto ipsec sa peer 1.1.1.1
peer address: 1.1.1.1
Crypto map tag: cisco, seq num: 20, local addr: 2.2.2.2
local ident (addr/mask/prot/port): (10.3.0.0/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (172.16.3.0/255.255.255.0/0/0)
current_peer: 1.1.1.1
#pkts encaps: 18, #pkts encrypt: 18, #pkts digest: 18
#pkts decaps: 194, #pkts decrypt: 194, #pkts verify: 194
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 18, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 2.2.2.2 /4500, remote crypto endpt.: 1.1.1.1/4500
path mtu 1500, ipsec overhead 66, media mtu 1500
current outbound spi: 9738032C
inbound esp sas:
spi: 0x2E96F8B6 (781646006)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, NAT-T-Encaps, }
slot: 0, conn_id: 167936, crypto-map: cisco
sa timing: remaining key lifetime (kB/sec): (4373981/28746)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0x9738032C (2537030444)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, NAT-T-Encaps, }
slot: 0, conn_id: 167936, crypto-map: cisco
sa timing: remaining key lifetime (kB/sec): (4373992/28742)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
04-12-2010 05:55 AM
And the peer 1.1.1.1 is the dynamic peer. I don't see any idle messages.
04-12-2010 06:00 AM
Make sure you have NAT exemption configured between the 2 subnets.
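Putting the two answers above together (dynamic-map on the static hub, NAT exemption on both ends), here is an added example configuration that is not from the thread or from the linked Cisco sample. It assumes ASA 8.2-era syntax, the addresses from the SA output (hub 2.2.2.2 with LAN 10.3.0.0/16, spoke LAN 172.16.3.0/24), a constructed second spoke LAN 172.16.4.0/24, and a placeholder pre-shared key.

```cisco
! ===== Hub ASA (static public IP 2.2.2.2) =====
! Phase 1: 3DES/SHA/group 2, matching the transform seen in the thread's SA output
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp enable outside
! Spokes behind NAT arrive on UDP/4500 ("NAT-T-Encaps" in the SA output)
crypto isakmp nat-traversal 20
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
! Dynamic map: no "set peer" and no "match address". The proxy IDs are taken
! from what the spoke proposes, which is why only the spoke can initiate.
crypto dynamic-map DYN-SPOKES 10 set transform-set ESP-3DES-SHA
! Highest sequence number so any static peers in the same map match first
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-SPOKES
crypto map OUTSIDE-MAP interface outside
!
! Every dynamic spoke authenticates against DefaultL2LGroup, so all of them
! share this one key: use a long random value and rotate it when a spoke
! is decommissioned (placeholder below).
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key <STRONG-PRE-SHARED-KEY>
!
! NAT exemption: without it the ASA translates hub-LAN traffic before
! encryption and it never matches the SA, so the tunnel is up but pings fail.
! One ACE per spoke LAN (172.16.4.0/24 is a constructed second spoke).
access-list NONAT extended permit ip 10.3.0.0 255.255.0.0 172.16.3.0 255.255.255.0
access-list NONAT extended permit ip 10.3.0.0 255.255.0.0 172.16.4.0 255.255.255.0
nat (inside) 0 access-list NONAT
!
! ===== Spoke ASA (dynamic IP, e.g. qpmmoroc.dyndns.org) =====
! Same isakmp policy and transform set as the hub. The ASA has no IOS-style
! crypto map sub-mode: each crypto map attribute is its own line.
access-list SPOKE-TO-HUB extended permit ip 172.16.3.0 255.255.255.0 10.3.0.0 255.255.0.0
crypto map NEWMAP 10 match address SPOKE-TO-HUB
crypto map NEWMAP 10 set peer 2.2.2.2
crypto map NEWMAP 10 set transform-set ESP-3DES-SHA
crypto map NEWMAP interface outside
tunnel-group 2.2.2.2 type ipsec-l2l
tunnel-group 2.2.2.2 ipsec-attributes
 pre-shared-key <STRONG-PRE-SHARED-KEY>
! Spoke-side NAT exemption, mirroring the hub
nat (inside) 0 access-list SPOKE-TO-HUB
```

If a spoke's tunnel comes up but no traffic passes, check that its LAN does not overlap another spoke's LAN and that the NONAT ACE for that LAN exists on the hub.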
04-12-2010 10:31 PM
Thanks, it is working now.