02-18-2011 06:15 AM - edited 02-21-2020 05:10 PM
Hi Folks
How do we start a remote access VPN client issue troubleshooting methodology, bearing in mind that the ACS with AD are in place?
Thank You
02-18-2011 06:33 AM
Hi,
You can start with the basics:
1. Check if the configuration is in place:
- Phase 1 and phase 2 policies are defined or not.
- Dynamic map is created and mapped to the crypto map.
- Crypto map has to be applied on the outside, i.e. WAN, interface.
- WAN interface is enabled for ISAKMP connections.
- Define an IP pool.
- Tunnel-group is configured.
- Define the pool in the tunnel-group.
- If split tunnel is required, check if the group-policy is created with split tunnel in it.
- Ensure that the group-policy is applied on the tunnel-group.
- If external authentication is required, ensure that the authentication server group is defined on the tunnel-group.
- Ensure the traffic from the inside network to the pool IP is NAT exempted.
2. Authentication aspect on the ASA:
- Define an aaa-server.
- Define the key.
- Ensure that "test authentication" is working fine.
3. Lastly, on the ACS:
- Ensure you have the ASA defined as the NAS.
- The same shared secret is defined.
- AD is integrated with ACS.
4. Check the profile created:
- Ensure that the host IP is the WAN IP of the ASA.
- Also ensure that the group authentication > Name is the same as the tunnel-group name on the ASA.
- The password is the same as the pre-shared key defined on the tunnel-group.
If the tunnel still does not come up, check the following:
sh cry isa sa -- check if the tunnel is up or not, and what state it is at.
sh cry ips sa -- check for encaps and decaps.
Finally, run the debugs and check at what state it is getting stuck:
deb cry isa 127
deb cry ips 127
The following link will give you details of configuration of RA VPN:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml
Hope this helps.
Regards,
Anisha
P.S.: Please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.
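As an added illustration of the last step in the answer above (reading the ISAKMP state and the encaps/decaps counters), here is a small Python script that parses the two show outputs and turns them into one finding per peer. This is example code written for this thread, not something from the original post or from Cisco. The sample text is constructed to approximate the layout of `show crypto isakmp sa` and `show crypto ipsec sa` on an ASA, using documentation IP ranges; the state names and counter labels (`AM_ACTIVE`, `AM_WAIT_MSG3`, `#pkts encaps`, `#pkts decaps`) are the ones those commands print, but the exact spacing of a real box may differ, so treat the regular expressions as a starting point.

```python
import re

# Constructed sample approximating "show crypto isakmp sa" on a Cisco ASA.
# Peer 203.0.113.10 has completed phase 1; peer 203.0.113.77 is stuck waiting
# for the third aggressive-mode message (typical of a pre-shared key mismatch).
SAMPLE_ISAKMP = """\
   Active SA: 2
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 2

1   IKE Peer: 203.0.113.10
    Type    : user            Role    : responder
    Rekey   : no              State   : AM_ACTIVE
2   IKE Peer: 203.0.113.77
    Type    : user            Role    : responder
    Rekey   : no              State   : AM_WAIT_MSG3
"""

# Constructed sample approximating "show crypto ipsec sa". Packets arrive
# from the client (decaps) but nothing goes back (encaps == 0).
SAMPLE_IPSEC = """\
interface: outside
    Crypto map tag: outside_dyn_map, seq num: 10, local addr: 198.51.100.1

      local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
      remote ident (addr/mask/prot/port): (192.168.50.5/255.255.255.255/0/0)
      current_peer: 203.0.113.10, username: jdoe
      dynamic allocated peer ip: 192.168.50.5

      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 42, #pkts decrypt: 42, #pkts verify: 42
"""


def parse_isakmp(text):
    """Return one dict per IKE SA with keys peer, type, role, state."""
    sas, current = [], None
    for line in text.splitlines():
        m = re.match(r"\s*\d+\s+IKE Peer:\s*(\S+)", line)
        if m:
            current = {"peer": m.group(1)}
            sas.append(current)
            continue
        if current is None:
            continue  # still in the summary header
        for key in ("Type", "Role", "State"):
            m = re.search(rf"{key}\s*:\s*(\S+)", line)
            if m:
                current[key.lower()] = m.group(1)
    return sas


def parse_ipsec(text):
    """Return one dict per IPsec SA with peer address and encaps/decaps counts."""
    sas, current = [], None
    for line in text.splitlines():
        m = re.search(r"current_peer:\s*([\d.]+)", line)
        if m:
            current = {"peer": m.group(1), "encaps": 0, "decaps": 0}
            sas.append(current)
            continue
        if current is None:
            continue
        for field in ("encaps", "decaps"):
            m = re.search(rf"#pkts {field}:\s*(\d+)", line)
            if m:
                current[field] = int(m.group(1))
    return sas


def diagnose(isakmp_text, ipsec_text):
    """Map each IKE peer to a plain-language finding following the checklist above."""
    ipsec = {sa["peer"]: sa for sa in parse_ipsec(ipsec_text)}
    findings = {}
    for sa in parse_isakmp(isakmp_text):
        peer, state = sa["peer"], sa.get("state", "")
        if not state.endswith("_ACTIVE"):
            findings[peer] = (f"phase 1 stuck in {state}: check the pre-shared key, the isakmp "
                              "policy, isakmp enabled on outside, and the ACS profile name")
            continue
        c = ipsec.get(peer)
        if c is None:
            findings[peer] = "phase 1 up but no phase 2 SA: check the dynamic map / transform set"
        elif c["decaps"] > 0 and c["encaps"] == 0:
            findings[peer] = ("client traffic arrives (decaps) but none is returned (encaps): "
                              "check NAT exemption and inside routing to the pool")
        elif c["encaps"] > 0 and c["decaps"] == 0:
            findings[peer] = "ASA sends but receives nothing: check the client statistics and routes"
        elif c["encaps"] == 0 and c["decaps"] == 0:
            findings[peer] = "phase 2 up but idle: no traffic has used the tunnel yet"
        else:
            findings[peer] = "tunnel healthy: traffic flowing in both directions"
    return findings


if __name__ == "__main__":
    for peer, finding in diagnose(SAMPLE_ISAKMP, SAMPLE_IPSEC).items():
        print(f"{peer}: {finding}")
```

On a live box you would paste the two command outputs into the two strings (or read them from files) and run the script; the counter logic mirrors the answer's advice, since decaps without encaps points straight at the NAT exemption and inside routing items in step 1.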
02-18-2011 06:40 AM
Hi,
You can also check the client end: right-click on the IPSec VPN client and click on Statistics. You can check for the packets encrypted and decrypted.
Also, you can check the route details to check the split tunnel.
Regards,
Anisha.
-Do rate helpful posts.
02-18-2011 06:45 AM
Thank you,