Hello All,

I have a site to site VPN between an ASA5540 and an ASA5510.  The tunnel is up and passing traffic between all networks but one.  The network that is not passing traffic is allowed in the object group for access on both sides, but when running a show crypto ipsec sa I get the following:

HOST SIDE - 5540

#pkts encaps: 275063, #pkts encrypt: 275062, #pkts digest: 275062
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 275063, #pkts comp failed: 0, #pkts decomp failed: 0
      #pre-frag successes: 0, #pre-frag failures: 1, #fragments created: 0
      #PMTUs sent: 1, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
      #send errors: 0, #recv errors: 0

REMOTE SIDE - 5510

  #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 187550, #pkts decrypt: 187550, #pkts verify: 187550
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
      #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
      #send errors: 0, #recv errors: 0

Please let me know if anyone out there has any ideas on this one.  I currently don't have access to the remote side but host side is accessible.

Thanks,

Kimberly