Attempting to set up a site-to-site VPN between a PIX 515E and an ASA 5505. The tunnel comes up on both ends but passes no traffic. The NAT weirdness is happening on the internet router on the ASA side; the serial link to the internet is privately addressed. The Ethernet port has a public address, but is a NAT inside interface. Would appreciate comments or suggestions.
Thanks. As you can see in the output, your ASA receives and sends back the packets; encrypts and decrypts are almost even. However, your PIX is not receiving any packets at all. This indicates a blocking issue in front of the PIX. Check the router in front of it and make sure that protocol 50 (ESP) is opened (note: protocol, not port), and also UDP 500 and 4500.
So phase 1 establishes, which is UDP 500, and the SA completes, which is ESP, but traffic does not go back, yet the ASA shows packets sent and received and the PIX only shows sent but not received packets. Are you aware of any NAT on the path for these devices? Can you check if NAT-T is enabled on both sides? If it was not enabled, can you please enable it and restart the tunnel?
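
The counter comparison used in the replies above, as an added example that is not part of the original thread: it reads the encaps/decaps counters from `show crypto ipsec sa` output on both peers and reports which direction loses traffic. The two excerpts and their numbers are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed excerpts in the style of `show crypto ipsec sa`; the counter
# values are made up to mirror the symptom described in the thread.
ASA_SA = """
      #pkts encaps: 118, #pkts encrypt: 118, #pkts digest: 118
      #pkts decaps: 121, #pkts decrypt: 121, #pkts verify: 121
"""
PIX_SA = """
    #pkts encaps: 121, #pkts encrypt: 121, #pkts digest: 121
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
"""

def counters(text):
    """Sum encaps/decaps over every SA block found in the output."""
    totals = {"encaps": 0, "decaps": 0}
    for name, value in re.findall(r"#pkts (encaps|decaps):\s*(\d+)", text):
        totals[name] += int(value)
    return totals

def diagnose(a_name, a_text, b_name, b_text):
    """Return (sender, receiver, finding) for each direction that fails."""
    a, b = counters(a_text), counters(b_text)
    findings = []
    for src, s, dst, d in ((a_name, a, b_name, b), (b_name, b, a_name, a)):
        if s["encaps"] == 0:
            # Nothing is entering the tunnel: a local crypto ACL or NAT
            # exemption problem on the sender, not a path problem.
            findings.append((src, dst, "not_encrypting"))
        elif d["decaps"] == 0:
            # Sender encrypts, receiver never decrypts: the packets are lost
            # on the path. Check protocol 50 (ESP), UDP 500/4500 and NAT-T.
            findings.append((src, dst, "esp_lost_in_path"))
    return findings

if __name__ == "__main__":
    for src, dst, finding in diagnose("ASA", ASA_SA, "PIX", PIX_SA):
        print(f"{src} -> {dst}: {finding}")
```
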