02-04-2016 07:40 AM - edited 02-21-2020 08:40 PM
Hi guys,
I'm trying to get Site to Site VPN working on two 5505 that I have in my lab.
Image attached...
I've used the wizard for configuration and I believe that it all looks good. However, it doesn't work when I run the following command:
Community-Site# sh ipsec sa
There are no ipsec sas
I believe I have to generate some traffic, so I've tried to ping and access IIS from one laptop to the other without any luck.
Ping between ASAs works fine.
ASAs are 5505 8.2(5)
Config is:
Community Site
interface Ethernet0/0
description OUTSIDE
switchport access vlan 2
!
interface Ethernet0/1
description INSIDE
!
interface Ethernet0/2
!
!
interface Vlan1
description Community Site
nameif inside
security-level 100
ip address 192.168.20.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 50
ip address 10.181.10.2 255.255.255.0
object-group network obj_any
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit ip any any
access-list outside_access_in extended permit ip any any
access-list outside_access_in extended permit icmp any any
access-list outside_1_cryptomap extended permit ip 192.168.20.0 255.255.255.0 Remote-Network 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.20.0 255.255.255.0 Remote-Network 255.255.255.0
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 10.181.10.1 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group1
crypto map outside_map 1 set peer 10.181.1.1
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
tunnel-group 10.181.1.1 type ipsec-l2l
tunnel-group 10.181.1.1 ipsec-attributes
Config on other side is:
Corporate
name 192.168.20.0 Remote-Network description Community Network
!
interface Ethernet0/0
description OUTSIDE
switchport access vlan 2
!
interface Ethernet0/1
description INSIDE
!
interface Ethernet0/2
!
!
interface Vlan1
description Torbay Corp
nameif inside
security-level 100
ip address 192.168.10.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 50
ip address 10.181.10.1 255.255.0.0
!
ftp mode passive
access-list outside_access_in_1 extended permit ip any any
access-list outside_access_in_1 extended permit icmp any any
access-list inside_access_in_1 extended permit ip any any
access-list inside_access_in_1 extended permit icmp any any
access-list outside_1_cryptomap extended permit ip 192.168.10.0 255.255.255.0 Remote-Network 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 Remote-Network 255.255.255.0
pager lines 24
access-group outside_access_in_1 in interface outside
access-group inside_access_in_1 in interface inside
route outside 0.0.0.0 0.0.0.0 10.181.10.2 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group1
crypto map outside_map 1 set peer 10.181.10.2
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group 10.181.10.2 type ipsec-l2l
tunnel-group 10.181.10.2 ipsec-attributes
pre-shared-key *****
!
02-04-2016 09:35 AM
Hi haidar_alm,
After taking a look at the configuration, I found an error with the VPN peer on the Community Site:
crypto map outside_map 1 set peer 10.181.1.1
tunnel-group 10.181.1.1 type ipsec-l2l
tunnel-group 10.181.1.1 ipsec-attributes
The public IP of the Corporate is 10.181.10.1.
Correct configuration:
crypto map outside_map 1 set peer 10.181.10.1
tunnel-group 10.181.10.1 type ipsec-l2l
tunnel-group 10.181.10.1 ipsec-attributes
-JP-
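Added example, not part of the original thread or any poster's code: a small offline check for the mismatch identified above, comparing each side's `set peer` and L2L `tunnel-group` name with the other side's outside interface address. The config excerpts are copied from the posts above; the function names `outside_ip` and `check_peer` are hypothetical.

```python
import re

# Excerpts of the two configs posted in this thread (only the lines the check reads).
COMMUNITY = """interface Vlan2
nameif outside
ip address 10.181.10.2 255.255.255.0
crypto map outside_map 1 set peer 10.181.1.1
tunnel-group 10.181.1.1 type ipsec-l2l
"""
CORPORATE = """interface Vlan2
nameif outside
ip address 10.181.10.1 255.255.0.0
crypto map outside_map 1 set peer 10.181.10.2
tunnel-group 10.181.10.2 type ipsec-l2l
"""

def outside_ip(cfg):
    """IP address of the interface whose nameif is 'outside' (hypothetical helper)."""
    nameif = None
    for line in cfg.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            nameif = None          # new interface stanza, forget the previous nameif
        elif words[:1] == ["nameif"]:
            nameif = words[1]
        elif words[:2] == ["ip", "address"] and nameif == "outside":
            return words[2]
    return None

def check_peer(name, local_cfg, remote_cfg):
    """Compare local peer and L2L tunnel-group names with the remote outside IP."""
    remote = outside_ip(remote_cfg)
    found = {
        "crypto map peer": re.findall(r"^\s*crypto map \S+ \d+ set peer (\S+)", local_cfg, re.M),
        "tunnel-group": re.findall(r"^\s*tunnel-group (\S+) type ipsec-l2l", local_cfg, re.M),
    }
    problems = []
    for kind, values in found.items():
        if not values:
            problems.append(f"{name}: no {kind} configured")
        problems += [f"{name}: {kind} {v} is not the remote outside IP {remote}"
                     for v in values if v != remote]
    return problems

if __name__ == "__main__":
    for msg in check_peer("Community", COMMUNITY, CORPORATE) + check_peer("Corporate", CORPORATE, COMMUNITY):
        print(msg)
```

Run against the posted configs, it flags both Community Site lines that point at 10.181.1.1 and reports nothing for Corporate.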
02-05-2016 04:01 AM
Hi JP,
Many thanks for your reply. Not sure what happened there... possibly fat fingers..
:-/