Creating a site-to-site VPN with PIX 501 and ASA 5505

I'm trying to create a VPN between a PIX 501 and the ASA 5505...relevant config below for the PIX...when I try to create a matching config on the ASA side, I get a message that says "Ignoring msg to mark SA with specified coordinates <outside_map, 20> dead".   I've redone this on the ASA side 10 times today both by hand and by ADSM, and keep getting the same message.  Can someone help me with the correct VPN config for the ASA?  Thanks!

PIX:
isakmp policy 11 authentication pre-share
isakmp policy 11 encryption des
isakmp policy 11 hash md5
isakmp policy 11 group 1
isakmp policy 11 lifetime 86400
crypto ipsec transform-set rackset2 esp-des esp-md5-hmac
crypto map rackmap 200 ipsec-isakmp
crypto map rackmap 200 match address 200
crypto map rackmap 200 set peer <peer>
crypto map rackmap 200 set transform-set rackset2
access-list nonat permit ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 200 permit ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0
isakmp key <key> address <peer> netmask 255.255.255.255 no-xauth no-config-mode \
LVL 3
brianuncAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

mediavisiondsCommented:
crypto isakmp policy 1
 authentication pre-share
 encryption des
 hash md5
 group 1      
 lifetime 86400
crypto isakmp enable outside

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto map rackmap 10 match address ACL_VPN
crypto map rackmap 10 set peer <peer IP>
crypto map rackmap 10 set transform-set myset
crypto map rackmap interface outside

tunnel-group <peer IP> type ipsec-l2l
tunnel-group <peer IP> ipsec-attributes
 pre-shared-key <key>

access-list ACL_VPN permit 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list nonat permit 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
nat (inside) 0 access-list nonat
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
brianuncAuthor Commented:
Thanks, turns out it was a routing issue instead of a VPN configuration issue.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.