I have a cisco uc520 and 871 that i use to connect to. When i add the remote connection to the 871 and test i get the tunnel status as down. From the uc520 if i type show crypto isakmp sa it shows the remote ip and the state is AG_INIT_EXCH. Im not very expierenced in debuggin this. I tried creating a new vpn pool and that didnt work either. I assume that the firewall would add any rules automatically since its hosting. Would i need to add nat rules? how could i debug this further. The 871 gives me nothing.