mazzarito

asked on

Cisco SR 520 site-to-site VPN with PIX

Currently trying to set up a site-to-site VPN between an SR520 and a PIX501 unit... PIX currently says it's connected but I'm really not familiar with the SR520 and I'm unsure how to even view connections from that end... Here is the config for the SR520:


version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname mvpmain
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$e98I$bzbldgUfjhDM2c4wFOB911
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login Foxtrot_sdm_easyvpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network Foxtrot_sdm_easyvpn_group_ml_1 local
!
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
!
crypto pki trustpoint TP-self-signed-566879410
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-566879410
 revocation-check none
 rsakeypair TP-self-signed-566879410
!
!
crypto pki certificate chain TP-self-signed-566879410
 certificate self-signed 01
        quit
dot11 syslog
ip source-route
!
!
ip dhcp excluded-address 192.168.75.1 192.168.75.10
ip dhcp excluded-address 192.168.0.1 192.168.0.10
!
ip dhcp pool inside
   import all
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.1
   dns-server xxx.xxx.1.1
!
!
ip cef
ip name-server xxx.xxx.1.1
ip name-server xxx.xxx.1.2
ip inspect log drop-pkt
!
no ipv6 cef
multilink bundle-name authenticated

parameter-map type inspect z1-z2-pmap
 audit-trail on
parameter-map type protocol-info msn-servers
 server name messenger.hotmail.com
 server name gateway.messenger.hotmail.com
 server name webmessenger.msn.com

parameter-map type protocol-info aol-servers
 server name login.oscar.aol.com
 server name toc.oscar.aol.com
 server name oam-d09a.blue.aol.com

parameter-map type protocol-info yahoo-servers
 server name scs.msg.yahoo.com
 server name scsa.msg.yahoo.com
 server name scsb.msg.yahoo.com
 server name scsc.msg.yahoo.com
 server name scsd.msg.yahoo.com
 server name cs16.msg.dcn.yahoo.com
 server name cs19.msg.dcn.yahoo.com
 server name cs42.msg.dcn.yahoo.com
 server name cs53.msg.dcn.yahoo.com
 server name cs54.msg.dcn.yahoo.com
 server name ads1.vip.scd.yahoo.com
 server name radio1.launch.vip.dal.yahoo.com
 server name in1.msg.vip.re2.yahoo.com
 server name data1.my.vip.sc5.yahoo.com
 server name address1.pim.vip.mud.yahoo.com
 server name edit.messenger.yahoo.com
 server name messenger.yahoo.com
 server name http.pager.yahoo.com
 server name privacy.yahoo.com
 server name csa.yahoo.com
 server name csb.yahoo.com
 server name csc.yahoo.com

!
!
username mavp privilege 15 secret 5 $1$7Jiu$D9URDehuIxSIii5ykvtO/0
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key letmvpin address xxx.xxx.xxx.50
!
crypto isakmp client configuration group EZVPN_GROUP_1
 key mvpvpn55
 dns 192.168.0.220 192.168.0.221
 pool SDM_POOL_1
 acl 101
 save-password
 max-users 10
crypto isakmp profile sdm-ike-profile-1
   match identity group EZVPN_GROUP_1
   client authentication list Foxtrot_sdm_easyvpn_xauth_ml_1
   isakmp authorization list Foxtrot_sdm_easyvpn_group_ml_1
   client configuration address respond
   virtual-template 2
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set mvpstatic esp-3des esp-md5-hmac
crypto ipsec transform-set mvpclient esp-3des esp-md5-hmac
!
crypto ipsec profile SDM_Profile1
 set security-association lifetime seconds 3600
 set transform-set ESP-3DES-SHA
 set isakmp-profile sdm-ike-profile-1
!
!
crypto map VPNSTATIC 10 ipsec-isakmp
 set peer xxx.xxx.xxx.50
 set transform-set mvpstatic
 set pfs group2
 match address crypto-list
!
archive
 log config
  hidekeys
!
!
!
class-map type inspect match-any SDM_AH
 match access-group name SDM_AH
class-map type inspect imap match-any sdm-app-imap
 match  invalid-command
class-map type inspect match-any sdm-cls-protocol-p2p
 match protocol edonkey signature
 match protocol gnutella signature
 match protocol kazaa2 signature
 match protocol fasttrack signature
 match protocol bittorrent signature
class-map type inspect gnutella match-any sdm-app-gnutella
 match  file-transfer
class-map type inspect match-any SDM-Voice-permit
 match protocol sip
class-map type inspect match-any SDM_IP
 match access-group name SDM_IP
class-map type inspect match-any SDM_ESP
 match access-group name SDM_ESP
class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
 match protocol isakmp
 match protocol ipsec-msft
 match class-map SDM_AH
 match class-map SDM_ESP
class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
 match class-map SDM_EASY_VPN_SERVER_TRAFFIC
class-map type inspect ymsgr match-any sdm-app-yahoo-otherservices
 match  service any
class-map type inspect msnmsgr match-any sdm-app-msn-otherservices
 match  service any
class-map type inspect match-all sdm-protocol-pop3
 match protocol pop3
class-map type inspect match-any sdm-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-any sdm-cls-protocol-im
 match protocol ymsgr yahoo-servers
 match protocol msnmsgr msn-servers
 match protocol aol aol-servers
class-map type inspect aol match-any sdm-app-aol-otherservices
 match  service any
class-map type inspect match-any sdm-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp extended
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect pop3 match-any sdm-app-pop3
 match  invalid-command
class-map type inspect match-all sdm-nat-h323-1
 match access-group 104
 match protocol h323
class-map type inspect kazaa2 match-any sdm-app-kazaa2
 match  file-transfer
class-map type inspect match-all sdm-protocol-p2p
 match class-map sdm-cls-protocol-p2p
class-map type inspect http match-any sdm-http-blockparam
 match  request port-misuse im
 match  request port-misuse p2p
 match  req-resp protocol-violation
class-map type inspect match-all SDM-inspect-staticnat-in
 match access-group name staticnat
class-map type inspect match-all sdm-protocol-im
 match class-map sdm-cls-protocol-im
class-map type inspect match-all sdm-invalid-src
 match access-group 100
class-map type inspect ymsgr match-any sdm-app-yahoo
 match  service text-chat
class-map type inspect msnmsgr match-any sdm-app-msn
 match  service text-chat
class-map type inspect edonkey match-any sdm-app-edonkey
 match  file-transfer
 match  text-chat
 match  search-file-name
class-map type inspect match-all dhcp_out_self
 match access-group name dhcp-resp-permit
class-map type inspect match-all dhcp_self_out
 match access-group name dhcp-req-permit
class-map type inspect http match-any sdm-app-httpmethods
 match  request method bcopy
 match  request method bdelete
 match  request method bmove
 match  request method bpropfind
 match  request method bproppatch
 match  request method connect
 match  request method copy
 match  request method delete
 match  request method edit
 match  request method getattribute
 match  request method getattributenames
 match  request method getproperties
 match  request method index
 match  request method lock
 match  request method mkcol
 match  request method mkdir
 match  request method move
 match  request method notify
 match  request method options
 match  request method poll
 match  request method propfind
 match  request method proppatch
 match  request method put
 match  request method revadd
 match  request method revlabel
 match  request method revlog
 match  request method revnum
 match  request method save
 match  request method search
 match  request method setattribute
 match  request method startrev
 match  request method stoprev
 match  request method subscribe
 match  request method trace
 match  request method unedit
 match  request method unlock
 match  request method unsubscribe
class-map type inspect edonkey match-any sdm-app-edonkeychat
 match  search-file-name
 match  text-chat
class-map type inspect http match-any sdm-http-allowparam
 match  request port-misuse tunneling
class-map type inspect fasttrack match-any sdm-app-fasttrack
 match  file-transfer
class-map type inspect match-all sdm-protocol-http
 match protocol http
class-map type inspect match-all sdm-nat-sip-2
 match access-group 103
 match protocol sip
class-map type inspect match-all sdm-nat-sip-1
 match access-group 102
 match protocol sip
class-map type inspect edonkey match-any sdm-app-edonkeydownload
 match  file-transfer
class-map type inspect match-all sdm-protocol-imap
 match protocol imap
class-map type inspect aol match-any sdm-app-aol
 match  service text-chat
!
!
policy-map type inspect sdm-permit-icmpreply
 class type inspect dhcp_self_out
  pass
 class type inspect sdm-cls-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect p2p sdm-action-app-p2p
 class type inspect edonkey sdm-app-edonkeychat
  log
  allow
 class type inspect edonkey sdm-app-edonkeydownload
  log
  allow
 class type inspect fasttrack sdm-app-fasttrack
  log
  allow
 class type inspect gnutella sdm-app-gnutella
  log
  allow
 class type inspect kazaa2 sdm-app-kazaa2
  log
  allow
policy-map type inspect http sdm-action-app-http
 class type inspect http sdm-http-blockparam
  log
  reset
 class type inspect http sdm-app-httpmethods
  log
  reset
 class type inspect http sdm-http-allowparam
  log
  allow
policy-map type inspect imap sdm-action-imap
 class type inspect imap sdm-app-imap
  log
policy-map type inspect pop3 sdm-action-pop3
 class type inspect pop3 sdm-app-pop3
  log
policy-map type inspect im sdm-action-app-im
 class type inspect aol sdm-app-aol
  log
  allow
 class type inspect msnmsgr sdm-app-msn
  log
  allow
 class type inspect ymsgr sdm-app-yahoo
  log
  allow
 class type inspect aol sdm-app-aol-otherservices
  log
  reset
 class type inspect msnmsgr sdm-app-msn-otherservices
  log
  reset
 class type inspect ymsgr sdm-app-yahoo-otherservices
  log
  reset
policy-map type inspect sdm-inspect
 class type inspect SDM-Voice-permit
  pass
 class type inspect sdm-cls-insp-traffic
  inspect
 class type inspect sdm-invalid-src
  drop log
 class type inspect sdm-protocol-http
  inspect z1-z2-pmap
  service-policy http sdm-action-app-http
 class type inspect sdm-protocol-imap
  inspect
  service-policy imap sdm-action-imap
 class type inspect sdm-protocol-pop3
  inspect
  service-policy pop3 sdm-action-pop3
 class type inspect sdm-protocol-p2p
  inspect
  service-policy p2p sdm-action-app-p2p
 class type inspect sdm-protocol-im
  inspect
  service-policy im sdm-action-app-im
 class class-default
  pass
policy-map type inspect sdm-inspect-voip-in
 class type inspect SDM-inspect-staticnat-in
  pass
 class type inspect SDM-Voice-permit
  pass
 class type inspect sdm-nat-sip-1
  inspect
 class type inspect sdm-nat-sip-2
  inspect
 class type inspect sdm-nat-h323-1
  inspect
 class class-default
  drop
policy-map type inspect sdm-permit
 class type inspect SDM_EASY_VPN_SERVER_PT
  pass
 class type inspect dhcp_out_self
  pass
 class class-default
  drop
policy-map type inspect sdm-permit-ip
 class type inspect SDM_IP
  pass
 class class-default
  drop log
!
zone security out-zone
zone security in-zone
zone security ezvpn-zone
zone-pair security sdm-zp-self-out source self destination out-zone
 service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-in source out-zone destination in-zone
 service-policy type inspect sdm-inspect-voip-in
zone-pair security sdm-zp-out-self source out-zone destination self
 service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
 service-policy type inspect sdm-inspect
zone-pair security sdm-zp-in-ezvpn1 source in-zone destination ezvpn-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
 service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination in-zone
 service-policy type inspect sdm-permit-ip
!
!
!
interface FastEthernet0
 switchport access vlan 75
!
interface FastEthernet1
 switchport access vlan 75
!
interface FastEthernet2
 switchport access vlan 75
!
interface FastEthernet3
 switchport access vlan 75
!
interface FastEthernet4
 description $FW_OUTSIDE$
 ip address xxx.xxx.60.102 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 duplex auto
 speed auto
 crypto map VPNSTATIC
!
interface Virtual-Template2 type tunnel
 ip unnumbered Vlan75
 zone-member security ezvpn-zone
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile SDM_Profile1
!
interface Vlan1
 no ip address
!
interface Vlan75
 description $FW_INSIDE$
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
!
ip local pool SDM_POOL_1 10.10.10.1 10.10.10.15
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 xxx.xxx.60.97
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static udp 192.168.75.2 5060 interface FastEthernet4 5060
ip nat inside source static tcp 192.168.75.2 1720 interface FastEthernet4 1720
!
ip access-list extended SDM_AH
 remark SDM_ACL Category=1
 permit ahp any any
ip access-list extended SDM_ESP
 remark SDM_ACL Category=1
 permit esp any any
ip access-list extended SDM_IP
 remark SDM_ACL Category=1
 permit ip any any
ip access-list extended crypto-list
 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
ip access-list extended dhcp-req-permit
 remark SDM_ACL Category=1
 permit udp any eq bootpc any eq bootps
ip access-list extended dhcp-resp-permit
 remark SDM_ACL Category=1
 permit udp any eq bootps any eq bootpc
ip access-list extended staticnat
 remark SDM_ACL Category=1
 permit tcp any host xxx.xxx.60.102 eq 5060
 permit udp any host xxx.xxx.60.102 eq 5060
 permit tcp any host xxx.xxx.60.102 eq 1720
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip xxx.xxx.60.96 0.0.0.7 any
access-list 101 remark SDM_ACL Category=4
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 remark SDM_ACL Category=0
access-list 102 permit ip any host 192.168.75.2
access-list 103 remark SDM_ACL Category=0
access-list 103 permit ip any host 192.168.75.2
access-list 104 remark SDM_ACL Category=0
access-list 104 permit ip any host 192.168.75.2
access-list 110 deny   ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 110 permit ip 192.168.0.0 0.0.0.255 any
!
!
!
!
route-map nonat permit 10
 match ip address 110
!
!
control-plane
!
banner login ^CSR520 Base Config - MFG 1.0 ^C
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 transport input telnet ssh
!
scheduler max-task-time 5000
end


PIX 501 Configuration:

PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password q6aOW4oqCTXeVaBr encrypted
passwd q6aOW4oqCTXeVaBr encrypted
hostname MVPNC-PIX
domain-name mvp.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list VPN_NONAT permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list VPN_Static permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside xxx.xxx.202.50 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm location 192.168.0.0 255.255.255.0 outside
pdm location xxx.xxx.60.96 255.255.255.248 outside
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list VPN_NONAT
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 xxx.xxx.202.49 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set mvpstatic esp-3des esp-md5-hmac
crypto map vpnmap 10 ipsec-isakmp
crypto map vpnmap 10 match address VPN_Static
crypto map vpnmap 10 set peer xxx.xxx.60.102
crypto map vpnmap 10 set transform-set mvpstatic
crypto map vpnmap interface outside
isakmp enable outside
isakmp key ******** address xxx.xxx.60.102 netmask 255.255.255.255 no-xauth
isakmp identity address
isakmp nat-traversal 10
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
console timeout 0
dhcprelay server 192.168.0.221 outside
dhcprelay enable inside
dhcprelay setroute inside
dhcprelay timeout 90
terminal width 100
Cryptochecksum:d7f83581d6e0f0b04cee9a285683cdf1

currently on the PIX:

MVPNC-PIX# show isakmp sa
Total     : 1
Embryonic : 0
        dst               src        state     pending     created
   xxx.xxx.xxx.102    xxx.xxx.xxx.50    QM_IDLE         0           1


Any help would be appreciated, I know that in particular the SR520 configuration is a complete mess...

Thanks again.
ASKER CERTIFIED SOLUTION
JDLoaner
SOLUTION
Jody Lemoine
Oh I see above you show one as "pending."  Try sending "interesting" traffic for that tunnel toward the device for it to bring the tunnel up.
mazzarito

ASKER

Tried to remove pfs group2, no dice. Here is additional output from ipsec and isakmp

mvpmain#show crypto ipsec sa

interface: FastEthernet4
    Crypto map tag: VPNSTATIC, local addr xxx.xxx.xxx.102

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (192.168.0.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
   current_peer xxx.xxx.xxx.50 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: xxx.xxx.xxx.102, remote crypto endpt.: xxx.xxx.xxx.50
     path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet4
     current outbound spi: 0x0(0)

     inbound esp sas:

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:

     outbound ah sas:

     outbound pcp sas:
mvpmain#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id slot status

IPv6 Crypto ISAKMP SA
The interesting thing here is that your IPsec SA shows no packets encrypted or decrypted.  Can you try connecting to the 192.168.1.0/24 network from the 192.168.0.0/24 network as JDLoaner suggested?  Do the packet counts on the SA go up when you do?
Can you try pinging something in the 192.168.1.0 from a machine in the 192.168.0.0 and show those again?
lol.. we're on the same page today jodylemoine
When I attempt to ping anything in the 192.168.1.x network the packet count does NOT go up (still 0). Seems traffic is not being routed through the tunnel properly.
Does show crypto isakmp sa show anything right after doing this?
Thanks for the help I was able to solve the problem with help from a friend...
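
Added example, not part of the thread (which does not say what the eventual fix was): an IPsec SA that stays at zero encaps while pinging across the tunnel, as reported above, is what happens when tunnel traffic is NATed first, because IOS applies inside-to-outside NAT before it consults the crypto map. This Python check evaluates the NAT and crypto ACLs taken from the posted SR520 config and lists the crypto-ACL flows the overload rule would translate. It assumes whole-subnet `ip` ACL entries only, and `WITH_ROUTE_MAP` is a hypothetical variant that binds the same rule to the config's existing `nonat` route-map.

```python
import ipaddress
import re

# Constructed excerpt: NAT, ACL and route-map lines copied from the SR520 config above.
SR520 = """\
ip nat inside source list 1 interface FastEthernet4 overload
ip access-list extended crypto-list
 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 110 deny   ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 110 permit ip 192.168.0.0 0.0.0.255 any
route-map nonat permit 10
 match ip address 110
"""
# Hypothetical variant: the overload rule bound to the route-map instead of ACL 1.
WITH_ROUTE_MAP = SR520.replace("source list 1", "source route-map nonat")
ANY = ipaddress.ip_network("0.0.0.0/0")

def take(tokens):
    """Consume one 'any', 'host A' or 'A WILDCARD' spec; return (network, remaining)."""
    if tokens[0] in ("any", "host"):
        return (ANY, tokens[1:]) if tokens[0] == "any" else (ipaddress.ip_network(tokens[1]), tokens[2:])
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(tokens[1])) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{tokens[0]}/{mask}"), tokens[2:]

def parse_acls(config):
    """Return {acl_name: [(action, src_net, dst_net), ...]} for 'ip' ACL entries."""
    acls, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if not line.startswith(" "):
            current = words[3] if words[:3] == ["ip", "access-list", "extended"] else None
        if words[:1] == ["access-list"]:
            name, words = words[1], words[2:]
        elif current and line.startswith(" "):
            name = current
        else:
            continue
        # Skip remarks and entries for other protocols (tcp, udp, esp, ...).
        if words[0] not in ("permit", "deny") or words[1].isalpha() and words[1] not in ("ip", "any", "host"):
            continue
        action, rest = words[0], words[2:] if words[1] == "ip" else words[1:]
        src, rest = take(rest)
        dst = take(rest)[0] if rest else ANY  # standard ACLs carry no destination
        acls.setdefault(name, []).append((action, src, dst))
    return acls

def nat_acl(config, acls):
    """Resolve the ACL behind the 'ip nat inside source ... overload' rule."""
    kind, name = re.search(
        r"^ip nat inside source (list|route-map) (\S+) .*overload", config, re.M).groups()
    if kind == "route-map":
        name = re.search(rf"^route-map {re.escape(name)} permit \d+\n match ip address (\S+)",
                         config, re.M).group(1)
    return acls[name]

def translated(acl, src, dst):
    """First-match ACL evaluation: True if NAT would translate the src->dst flow."""
    for action, a_src, a_dst in acl:
        if src.subnet_of(a_src) and dst.subnet_of(a_dst):
            return action == "permit"
    return False  # implicit deny: left untranslated

def tunnel_flows_hit_by_nat(config, crypto_acl="crypto-list"):
    """Crypto-ACL flows that the overload rule rewrites before the crypto map sees them."""
    acls = parse_acls(config)
    nat = nat_acl(config, acls)
    return [(str(s), str(d)) for action, s, d in acls[crypto_acl]
            if action == "permit" and translated(nat, s, d)]
```

`tunnel_flows_hit_by_nat(SR520)` reports the 192.168.0.0/24 to 192.168.1.0/24 flow as translated, while the `WITH_ROUTE_MAP` variant reports none, since ACL 110 denies that flow ahead of its permit.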