Creating a site-to-site VPN with PIX 501 and ASA 5505

I'm trying to create a VPN between a PIX 501 and the ASA 5505...relevant config below for the PIX...when I try to create a matching config on the ASA side, I get a message that says "Ignoring msg to mark SA with specified coordinates <outside_map, 20> dead".   I've redone this on the ASA side 10 times today both by hand and by ADSM, and keep getting the same message.  Can someone help me with the correct VPN config for the ASA?  Thanks!

PIX:
isakmp policy 11 authentication pre-share
isakmp policy 11 encryption des
isakmp policy 11 hash md5
isakmp policy 11 group 1
isakmp policy 11 lifetime 86400
crypto ipsec transform-set rackset2 esp-des esp-md5-hmac
crypto map rackmap 200 ipsec-isakmp
crypto map rackmap 200 match address 200
crypto map rackmap 200 set peer <peer>
crypto map rackmap 200 set transform-set rackset2
access-list nonat permit ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 200 permit ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0
isakmp key <key> address <peer> netmask 255.255.255.255 no-xauth no-config-mode \
LVL 3
brianuncAsked:
Who is Participating?
 
mediavisiondsConnect With a Mentor Commented:
crypto isakmp policy 1
 authentication pre-share
 encryption des
 hash md5
 group 1      
 lifetime 86400
crypto isakmp enable outside

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto map rackmap 10 match address ACL_VPN
crypto map rackmap 10 set peer <peer IP>
crypto map rackmap 10 set transform-set myset
crypto map rackmap interface outside

tunnel-group <peer IP> type ipsec-l2l
tunnel-group <peer IP> ipsec-attributes
 pre-shared-key <key>

access-list ACL_VPN permit 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list nonat permit 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0
nat (inside) 0 access-list nonat
0
 
brianuncAuthor Commented:
Thanks, turns out it was a routing issue instead of a VPN configuration issue.
0
All Courses

From novice to tech pro — start learning today.