Confusing VPN issue with 506e

Hello,

I am attempting to set up a site-to-site VPN between two 506e devices.

The issue I have is that the tunnel negotiates properly (showing one IKE tunnel and on IPsec tunnel), but I cannot communicate through the tunnel. I have just basic experience with Cisco products, so any help is appreciated.

Here are the configs... does anyone have any ideas?

Location 1:

PIX Version 6.3(5) interface ethernet0 auto interface ethernet1 auto nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password Oqs0uwSuU7vEH6wf encrypted passwd 2KFQnbNIdI.2KYOU encrypted hostname GPDPixFW domain-name gpd.local clock timezone EST -5 clock summer-time EDT recurring fixup protocol dns maximum-length 512 fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 fixup protocol icmp error fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol tftp 69 names access-list outside_cryptomap_20 permit ip 192.168.0.0 255.255.255.0

192.168.1.0 255.255.255.0 access-list 102 permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list 102 permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0 access-list outside_access_in permit icmp any any echo-reply pager lines 24 mtu outside 1500 mtu inside 1500 ip address outside 70.x.x.x 255.255.255.252 ip address inside 192.168.0.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm pdm location 192.168.0.48 255.255.255.240 outside pdm location 192.168.1.0 255.255.255.0 outside pdm location 192.168.2.0 255.255.255.0 outside pdm logging informational 100 pdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list 102 nat (inside) 1 0.0.0.0 0.0.0.0 0 0 route outside 0.0.0.0 0.0.0.0 70.x.x.x x route outside 192.168.1.0 255.255.255.0 70.x.x.x 1 timeout xlate 0:05:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00 timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout sip-disconnect 0:02:00 sip-invite 0:03:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server TACACS+ max-failed-attempts 3 aaa-server TACACS+ deadtime 10 aaa-server RADIUS protocol radius aaa-server RADIUS max-failed-attempts 3 aaa-server RADIUS deadtime 10 aaa-server LOCAL protocol local http server enable http 192.168.0.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable sysopt connection permit-ipsec crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto map outside_map 20 ipsec-isakmp crypto map outside_map 20 match address outside_cryptomap_20 crypto map outside_map 20 set peer 74.x.x.x crypto map outside_map 20 set transform-set ESP-3DES-SHA crypto map outside_map interface outside isakmp enable outside isakmp key ******** address 74.x.x.x netmask 255.255.255.255 no-xauth no-config-mode isakmp log 30 isakmp policy 20 authentication pre-share isakmp policy 20 encryption 3des isakmp policy 20 hash sha isakmp policy 20 group 5 isakmp policy 20 lifetime 86400 telnet timeout 5 ssh timeout 5 console timeout 0 dhcpd address 192.168.0.226-192.168.0.230 inside dhcpd dns 192.168.0.200 dhcpd lease 3600 dhcpd ping_timeout 750 dhcpd domain gpd.local dhcpd auto_config outside dhcpd enable inside vpnclient server 12.12.12.12 vpnclient mode network-extension-mode vpnclient vpngroup GPDAdmin password ******** vpnclient username gvpn password ******** terminal width 80

---------------------------------------------------------------------------

Location 2:

PIX Version 6.3(5) interface ethernet0 auto interface ethernet1 auto nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password rlojhembQlFv0RA2 encrypted passwd 2KFQnbNIdI.2KYOU encrypted hostname GFDFirewall domain-name gfd.local fixup protocol dns maximum-length 512 fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol tftp 69 names access-list inside_outbound_nat0_acl permit ip 192.168.1.0

255.255.255.0 192.168.0.0 255.255.255.0 access-list outside_cryptomap_20 permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0 access-list inside_access_in permit ip any any pager lines 24 mtu outside 1500 mtu inside 1500 ip address outside 74.x.x.x 255.255.255.252 ip address inside 192.168.1.182 255.255.255.0 ip audit info action alarm ip audit attack action alarm ip local pool GFDPool 192.168.1.30-192.168.1.50 pdm location 192.168.1.200 255.255.255.255 inside pdm location 192.168.0.0 255.255.255.0 outside pdm location 192.168.1.97 255.255.255.255 inside pdm location 192.168.1.140 255.255.255.255 inside pdm logging informational 100 pdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list inside_outbound_nat0_acl nat (inside) 1 0.0.0.0 0.0.0.0 0 0 access-group inside_access_in in interface inside route outside 0.0.0.0 0.0.0.0 74.x.x.x 1 route outside 192.168.0.0 255.255.255.0 74.x.x.x 1 timeout xlate 0:05:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00 timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout sip-disconnect 0:02:00 sip-invite 0:03:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server TACACS+ max-failed-attempts 3 aaa-server TACACS+ deadtime 10 aaa-server RADIUS protocol radius aaa-server RADIUS max-failed-attempts 3 aaa-server RADIUS deadtime 10 aaa-server LOCAL protocol local http server enable http 192.168.1.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable sysopt connection permit-ipsec crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto map outside_map 20 ipsec-isakmp crypto map outside_map 20 match address outside_cryptomap_20 crypto map outside_map 20 set peer 70.x.x.x crypto map outside_map 20 set transform-set ESP-3DES-SHA crypto map outside_map interface outside isakmp enable outside isakmp key ******** address 70.x.x.x netmask 255.255.255.255 no-xauth no-config-mode isakmp policy 20 authentication pre-share isakmp policy 20 encryption 3des isakmp policy 20 hash sha isakmp policy 20 group 5 isakmp policy 20 lifetime 86400 vpngroup GFD address-pool GFDPool vpngroup GFD idle-time 1800 vpngroup GFD password ******** telnet 192.168.1.97 255.255.255.255 inside telnet 192.168.1.140 255.255.255.255 inside telnet timeout 5 ssh timeout 5 console timeout 0 dhcpd address 192.168.1.200-192.168.1.225 inside dhcpd dns 68.87.71.226 68.87.73.242 dhcpd lease 3600 dhcpd ping_timeout 750 dhcpd auto_config outside terminal width 80

Again, thank you for any help!

--Jason Turcotte