VPN between PIX 525 and SA 520

At my head site I have a PIX 525 configured to provide security for my network and client access VPN, and I have been trying to add a site-to-site VPN to it. I have attached a sanitized config of my PIX and also a basic network diagram to give you an idea of the situation. Basically, I can get the site-to-site VPN to establish and can ping the outside interfaces through the VPN, but as soon as I try to go to the inside interfaces on either side it fails. This is made more complicated by the fact that I have three networks at my head site, 192.168.1.x, 2.x and 3.x, which all need access to and from the other side of the VPN. At the remote site (Huddersfield) just one, 192.168.75.x. Any comments would be welcome.
asdm image flash:/asdm-504.bin
asdm location AFR 255.255.255.255 outside
asdm location SG 255.255.255.255 outside
asdm location AIM 255.255.255.255 outside
asdm location ION 255.255.255.255 inside
asdm location W2KS-PICT-PDC 255.255.255.255 inside
asdm location PICTADMIN1 255.255.255.255 inside
asdm location VPNTEST 255.255.255.255 inside
asdm location W2KS-PROS-PDC 255.255.255.255 inside
asdm location XXXunity1 255.255.255.255 inside
asdm location XXXCCM2 255.255.255.255 inside
asdm location PICTADMIN2 255.255.255.255 inside
asdm location PICTADMIN3 255.255.255.255 inside
asdm location XXXEMAILFILTER 255.255.255.255 inside
asdm location Ann 255.255.255.255 outside
asdm location PROSADMIN1 255.255.255.255 inside
asdm location PROSADMIN2 255.255.255.255 inside
asdm location PROSADMIN3 255.255.255.255 inside
asdm location PROSADMIN4 255.255.255.255 inside
asdm location PROSADMIN5 255.255.255.255 inside
asdm location PROSADMIN6 255.255.255.255 inside
asdm location XXXIIS1 255.255.255.255 inside
asdm location XXXTS1 255.255.255.255 inside
asdm location XXXTS2 255.255.255.255 inside
asdm location XXXAIMAPPS 255.255.255.255 inside
asdm location XXXAIMDATA 255.255.255.255 inside
asdm location XXXAV 255.255.255.255 inside
asdm location KasperskySMTP1 255.255.255.255 outside
asdm location KasperskySMTP2 255.255.255.0 outside
asdm location KasperskySMTP3 255.255.255.0 outside
asdm location KasperskySMTP4 255.255.255.0 outside
asdm location KasperskySMTP5 255.255.255.192 outside
asdm location KasperskySMTP7 255.255.255.224 outside
asdm location KasperskySMTP6 255.255.255.192 outside
asdm location XXXMAIL1 255.255.255.255 inside
asdm location MPC3000CONV 255.255.255.255 inside
asdm location MP6001RTA 255.255.255.255 inside
asdm location MP6001UNION 255.255.255.255 inside
asdm location MP4000RTA2 255.255.255.255 inside
asdm location SWANADMIN1 255.255.255.255 inside
asdm location Karen 255.255.255.255 outside
asdm location KHComputer 255.255.255.255 inside
asdm location SG2 255.255.255.255 outside
asdm location Huddersfield 255.255.255.255 outside
asdm location 192.168.0.0 255.255.254.0 inside
asdm location 192.168.3.0 255.255.255.0 inside
asdm location XXXTS3 255.255.255.255 inside
asdm group PCAnywhere inside
asdm group FullAccess outside
asdm group PCAnywhere_ref outside reference PCAnywhere
asdm group Managers inside
asdm group RRAS inside
asdm group RemoteUsers outside
asdm group RRAS_ref_1 outside reference RRAS
asdm group Kaspersky outside
asdm group Photocopiers inside
asdm history enable
: Saved
:
PIX Version 7.0(4) 
!
terminal width 132
hostname pix525
domain-name xxxxxx.co.uk
enable password xxx encrypted
names
name 192.168.1.16 W2KS-CASH-PDC description Cash Server
name xxx.xxx.227.125 SG description Steven Home
name xxx.xxx.41.248 AFR description Andrew Test Host
name xxx.xxx.145.197 AIM description Support Access Host
name 192.168.1.14 ION description Linux Server
name 192.168.2.10 W2KS-PROS-PDC description  File Server
name 192.168.1.106 VPNTEST description VPN Test Host
name 192.168.1.15 W2KS-PICT-PDC description Picton File Server
name 10.101.1.4 XXXCCM1 description Callmanager
name 10.101.1.8 XXXunity1 description Unity Server
name 10.101.1.5 XXXCCM2 description CallManager
name 192.168.1.8 EMAILFILTER
name xxx.xxx.203.41 Ann
name 192.168.2.64 PROSADMIN6
name 192.168.2.63 PROSADMIN5
name 192.168.2.62 PROSADMIN4
name 192.168.2.61 PROSADMIN3
name 192.168.2.60 PROSADMIN2
name 192.168.2.59 PROSADMIN1
name 192.168.1.32 PICTADMIN3
name 192.168.1.31 PICTADMIN2
name 192.168.1.30 PICTADMIN1
name 192.168.1.17 XXXIIS1 description IIS Server
name 192.168.2.13 XXXTS1 description Terminal Server
name 192.168.2.15 XXXTS2
name 192.168.2.11 XXXAIMAPPS description Evolution Application Server
name 192.168.2.12 XXXAIMDATA
name 192.168.2.22 XXXAV
name xxx.xxx.80.4 KasperskySMTP1
name xxx.xxx.69.0 KasperskySMTP2
name xxx.xxx.1.0 KasperskySMTP3
name xxx.xxx.57.0 KasperskySMTP4
name xxx.xxx.17.0 KasperskySMTP7
name xxx.xxx.204.128 KasperskySMTP6
name xxx.xxx.75.128 KasperskySMTP5
name 192.168.2.20 XXXMAIL1 description Primary Mail Server
name 192.168.2.228 MPC3000CONV
name 192.168.2.55 MP6001UNION
name 192.168.2.54 MP6001RTA
name 192.168.2.229 MP4000RTA2
name 192.168.3.30 SWANADMIN1
name xxx.xxx.4.114 Karen description KarenHoskerHome
name 192.168.2.174 KHComputer
name xxx.xxx.227.126 SG2
name xxx.xxx.85.167 Huddersfield
name 192.168.2.17 XXXTS3
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address xxx.xxx.16.3 255.255.255.224 
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.1.4 255.255.255.0 
!
interface Ethernet2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet5
 shutdown
 no nameif
 no security-level
 no ip address
!
passwd 2KFQnbNIdI.2KYOU encrypted
boot system flash:/image.bin
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
object-group service HTTP tcp
 port-object eq www
 port-object eq 82
 port-object eq https
 port-object eq 8080
 port-object eq 8801
 port-object eq 81
 port-object eq 8082
 port-object eq 8081
object-group service MAIL tcp
 port-object eq pop3
 port-object eq imap4
object-group network PCAnywhere
 description Hosts that require PCAnywhere access
 network-object W2KS-PICT-PDC 255.255.255.255
 network-object W2KS-CASH-PDC 255.255.255.255
 network-object W2KS-PROS-PDC 255.255.255.255
object-group network FullAccess
 description Hosts that require full access
 network-object Ann 255.255.255.255
object-group network PCAnywhere_ref
 network-object xxx.xxx.16.2 255.255.255.255
 network-object xxx.xxx.16.6 255.255.255.255
 network-object xxx.xxx.16.7 255.255.255.255
object-group network Managers
 description PCs with free access
 network-object PICTADMIN1 255.255.255.255
 network-object PICTADMIN2 255.255.255.255
 network-object PICTADMIN3 255.255.255.255
 network-object PROSADMIN1 255.255.255.255
 network-object PROSADMIN2 255.255.255.255
 network-object PROSADMIN3 255.255.255.255
 network-object PROSADMIN4 255.255.255.255
 network-object PROSADMIN5 255.255.255.255
 network-object PROSADMIN6 255.255.255.255
 network-object XXXAV 255.255.255.255
 network-object XXXAIMAPPS 255.255.255.255
 network-object SWANADMIN1 255.255.255.255
object-group service ION tcp
 description Linux Server Ports
 port-object range 6697 6698
 port-object eq 4400
 port-object eq 3306
 port-object eq 999
 port-object eq ssh
 port-object eq 9464
 port-object eq 7827
 port-object range 6667 7000
 port-object eq 9000
 port-object eq www
 port-object eq ftp
 port-object eq 123
 port-object eq smtp
object-group service FTP tcp
 description FTP ports
 port-object eq ftp-data
 port-object eq ftp
object-group network RRAS
 network-object XXXIIS1 255.255.255.255
object-group network RemoteUsers
 network-object SG 255.255.255.255
object-group network RRAS_ref_1
 network-object xxx.xxx.16.16 255.255.255.255
object-group network Kaspersky
 network-object KasperskySMTP1 255.255.255.255
 network-object KasperskySMTP2 255.255.255.0
 network-object KasperskySMTP3 255.255.255.0
 network-object KasperskySMTP4 255.255.255.0
 network-object KasperskySMTP5 255.255.255.192
 network-object KasperskySMTP6 255.255.255.192
 network-object KasperskySMTP7 255.255.255.224
object-group network Photocopiers
 network-object MPC3000CONV 255.255.255.255
 network-object MP6001RTA 255.255.255.255
 network-object MP6001UNION 255.255.255.255
 network-object MP4000RTA2 255.255.255.255
access-list allow-all extended permit ip any any 
access-list inside_access_in extended permit tcp object-group PCAnywhere any eq pcanywhere-data 
access-list inside_access_in extended permit udp object-group PCAnywhere any eq pcanywhere-status 
access-list inside_access_in extended permit tcp any object-group FullAccess 
access-list inside_access_in extended permit udp any object-group FullAccess 
access-list inside_access_in extended permit icmp any object-group FullAccess 
access-list inside_access_in extended permit ip any object-group FullAccess 
access-list inside_access_in extended permit tcp host XXXMAIL1 any eq domain 
access-list inside_access_in extended permit udp host XXXMAIL1 any eq domain 
access-list inside_access_in extended permit tcp host XXXMAIL1 host SG eq 3389 
access-list inside_access_in extended permit tcp host XXXMAIL1 any object-group HTTP 
access-list inside_access_in extended permit tcp host XXXMAIL1 any object-group MAIL 
access-list inside_access_in extended permit tcp host XXXMAIL1 any eq smtp 
access-list inside_access_in extended permit tcp host XXXMAIL1 any eq 3101 
access-list inside_access_in extended permit udp host W2KS-PICT-PDC any eq domain 
access-list inside_access_in extended permit tcp host W2KS-PICT-PDC any object-group HTTP 
access-list inside_access_in extended permit tcp host W2KS-PICT-PDC any object-group FTP 
access-list inside_access_in extended permit tcp host W2KS-PICT-PDC any eq domain 
access-list inside_access_in extended permit tcp host W2KS-PICT-PDC any eq daytime 
access-list inside_access_in extended permit udp host W2KS-PICT-PDC any eq nameserver 
access-list inside_access_in extended permit udp host W2KS-PICT-PDC any eq time 
access-list inside_access_in extended permit udp object-group RRAS any eq domain 
access-list inside_access_in extended permit tcp object-group RRAS any object-group HTTP 
access-list inside_access_in extended permit tcp object-group RRAS any object-group FTP 
access-list inside_access_in extended permit tcp object-group RRAS any eq domain 
access-list inside_access_in extended permit tcp object-group RRAS any eq daytime 
access-list inside_access_in extended permit udp object-group RRAS any eq nameserver 
access-list inside_access_in extended permit udp object-group RRAS any eq time 
access-list inside_access_in extended permit ip object-group RRAS any 
access-list inside_access_in extended permit ip object-group Managers any 
access-list inside_access_in extended permit ip object-group Photocopiers any 
access-list inside_access_in extended permit ip host XXXunity1 any 
access-list inside_access_in extended permit tcp host ION any object-group ION 
access-list inside_access_in extended permit ip host XXXAIMDATA any 
access-list inside_access_in extended permit tcp object-group RRAS object-group RemoteUsers eq 3389 
access-list inside_access_in extended permit tcp object-group RRAS object-group RemoteUsers eq pptp 
access-list inside_access_in extended permit gre object-group RRAS object-group RemoteUsers 
access-list inside_access_in extended permit tcp object-group RRAS object-group RemoteUsers object-group HTTP 
access-list inside_access_in extended permit tcp host XXXAIMAPPS host AIM eq 3389 
access-list inside_access_in extended permit udp host XXXAIMAPPS any eq ntp 
access-list inside_access_in extended permit tcp host XXXTS1 object-group FullAccess eq 3389 
access-list inside_access_in extended permit icmp host XXXTS1 object-group FullAccess 
access-list inside_access_in extended permit tcp host XXXEMAILFILTER any eq https 
access-list inside_access_in extended permit tcp host XXXEMAILFILTER any eq ftp 
access-list inside_access_in extended permit tcp host XXXEMAILFILTER any eq ftp-data 
access-list inside_access_in extended permit tcp host XXXEMAILFILTER any eq smtp 
access-list inside_access_in extended permit tcp host XXXTS1 any eq 3389 
access-list inside_access_in extended permit udp any any eq isakmp 
access-list inside_access_in extended permit udp any any eq 4500 
access-list inside_access_in extended permit esp any any 
access-list inside_access_in extended permit tcp any host Huddersfield 
access-list inside_access_in extended permit udp any host Huddersfield 
access-list inside_access_in extended permit tcp host KHComputer host Karen eq 5900 
access-list inside_access_in extended permit tcp host XXXTS3 host Huddersfield eq 3389 
access-list outside_access_in extended permit icmp any any unreachable 
access-list outside_access_in extended permit tcp any object-group PCAnywhere_ref eq pcanywhere-data 
access-list outside_access_in extended permit udp any object-group PCAnywhere_ref eq pcanywhere-status 
access-list outside_access_in extended permit tcp object-group FullAccess any 
access-list outside_access_in extended permit udp object-group FullAccess any 
access-list outside_access_in extended permit icmp object-group FullAccess any 
access-list outside_access_in extended permit ip object-group FullAccess any 
access-list outside_access_in extended permit tcp any host xxx.xxx.16.2 object-group HTTP 
access-list outside_access_in extended permit tcp any host xxx.xxx.16.2 object-group FTP 
access-list outside_access_in extended permit tcp any host xxx.xxx.16.2 eq domain 
access-list outside_access_in extended permit icmp any any echo-reply 
access-list outside_access_in extended permit icmp any any time-exceeded 
access-list outside_access_in extended permit tcp any host xxx.xxx.16.13 object-group MAIL 
access-list outside_access_in extended permit tcp any host xxx.xxx.16.13 object-group HTTP 
access-list outside_access_in extended permit tcp any host xxx.xxx.16.13 eq 3101 
access-list outside_access_in extended permit tcp object-group Kaspersky host xxx.xxx.16.13 eq smtp 
access-list outside_access_in extended permit tcp host SG host xxx.xxx.16.13 eq 3389 
access-list outside_access_in extended permit tcp any host xxx.xxx.16.5 object-group ION 
access-list outside_access_in extended permit tcp object-group RemoteUsers object-group RRAS_ref_1 eq 3389 
access-list outside_access_in extended permit tcp object-group RemoteUsers object-group RRAS_ref_1 eq pptp 
access-list outside_access_in extended permit gre object-group RemoteUsers object-group RRAS_ref_1 
access-list outside_access_in extended permit tcp object-group RemoteUsers object-group RRAS_ref_1 object-group HTTP 
access-list outside_access_in extended permit tcp host AIM host xxx.xxx.16.9 eq 3389 
access-list outside_access_in extended permit tcp object-group FullAccess host xxx.xxx.16.4 eq 3389 
access-list outside_access_in extended permit icmp object-group FullAccess host xxx.xxx.16.4 
access-list outside_access_in extended permit tcp any host xxx.xxx.16.10 eq smtp inactive 
access-list outside_access_in extended permit tcp host SG host xxx.xxx.16.4 eq 3389 inactive 
access-list outside_access_in extended permit tcp host SG host xxx.xxx.16.4 eq www inactive 
access-list outside_access_in extended permit tcp host SG host xxx.xxx.16.18 eq 3389 inactive 
access-list outside_access_in extended permit tcp any host xxx.xxx.16.4 eq 3389 
access-list outside_access_in extended permit udp any host xxx.xxx.16.9 eq ntp 
access-list outside_access_in extended permit udp any any eq isakmp 
access-list outside_access_in extended permit udp any any eq 4500 
access-list outside_access_in extended permit esp any any 
access-list outside_access_in extended permit tcp host Huddersfield any 
access-list outside_access_in extended permit udp host Huddersfield any 
access-list outside_access_in extended permit tcp host Karen host xxx.xxx.16.17 eq 5900 
access-list outside_access_in extended permit tcp host Huddersfield host xxx.xxx.16.14 eq 3389 
access-list inside_nat0_outbound extended permit ip any 192.168.1.192 255.255.255.192 
access-list vpntunnel_splitTunnelAcl standard permit host XXXTS1 
access-list vpntunnel_splitTunnelAcl remark XXXTS1
access-list vpntunnel_splitTunnelAcl remark XXXTS2
access-list vpntunnel_splitTunnelAcl standard permit host XXXTS2 
access-list vpntunnel_splitTunnelAcl remark XXXTS3
access-list vpntunnel_splitTunnelAcl standard permit host XXXTS3 
access-list vpntunnel_splitTunnelAcl remark XXXMAIL1
access-list vpntunnel_splitTunnelAcl standard permit host XXXMAIL1 
access-list outside_cryptomap_dyn_20 extended permit ip any 192.168.1.192 255.255.255.192 
access-list outside_cryptomap_20 extended permit ip any 192.168.75.0 255.255.255.0 
pager lines 24
logging enable
logging timestamp
logging standby
logging asdm emergencies
logging recipient-address notify@xxxxxx.co.uk level errors
mtu outside 1500
mtu inside 1500
ip local pool vpnpool 192.168.1.220-192.168.1.240 mask 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
no failover
failover lan unit primary
failover polltime unit 10 holdtime 30
failover key *****
monitor-interface outside
monitor-interface inside
asdm image flash:/asdm-504.bin
asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) xxx.xxx.16.9 XXXAIMAPPS netmask 255.255.255.255 
static (inside,outside) xxx.xxx.16.13 XXXMAIL1 netmask 255.255.255.255 
static (inside,outside) xxx.xxx.16.5 ION netmask 255.255.255.255 
static (inside,outside) xxx.xxx.16.2 W2KS-PICT-PDC netmask 255.255.255.255 
static (inside,outside) xxx.xxx.16.6 W2KS-CASH-PDC netmask 255.255.255.255 
static (inside,outside) xxx.xxx.16.16 XXXIIS1 netmask 255.255.255.255 
static (inside,outside) xxx.xxx.16.7 W2KS-PROS-PDC netmask 255.255.255.255 
static (inside,outside) xxx.xxx.16.11 XXXCCM1 netmask 255.255.255.255 
static (inside,outside) xxx.xxx.16.4 XXXTS1 netmask 255.255.255.255 
static (inside,outside) xxx.xxx.16.12 XXXCCM2 netmask 255.255.255.255 
static (inside,outside) xxx.xxx.16.15 XXXunity1 netmask 255.255.255.255 
static (inside,outside) xxx.xxx.16.10 XXXEMAILFILTER netmask 255.255.255.255 
static (inside,outside) xxx.xxx.16.18 XXXTS2 netmask 255.255.255.255 
static (inside,outside) xxx.xxx.16.17 KHComputer netmask 255.255.255.255 
static (inside,outside) xxx.xxx.16.14 XXXTS3 netmask 255.255.255.255 
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 xxx.xxx.16.1 1
route inside XXXTS3 255.255.255.255 192.168.1.1 1
route inside KHComputer 255.255.255.255 192.168.1.1 1
route inside SWANADMIN1 255.255.255.255 192.168.1.1 1
route inside MP4000RTA2 255.255.255.255 192.168.1.1 1
route inside MP6001UNION 255.255.255.255 192.168.1.1 1
route inside MP6001RTA 255.255.255.255 192.168.1.1 1
route inside MPC3000CONV 255.255.255.255 192.168.1.1 1
route inside XXXMAIL1 255.255.255.255 192.168.1.1 1
route inside XXXAV 255.255.255.255 192.168.1.1 1
route inside XXXAIMAPPS 255.255.255.255 192.168.1.1 1
route inside XXXTS2 255.255.255.255 192.168.1.1 1
route inside XXXTS1 255.255.255.255 192.168.1.1 1
route inside PROSADMIN6 255.255.255.255 192.168.1.1 1
route inside PROSADMIN5 255.255.255.255 192.168.1.1 1
route inside PROSADMIN4 255.255.255.255 192.168.1.1 1
route inside PROSADMIN3 255.255.255.255 192.168.1.1 1
route inside PROSADMIN2 255.255.255.255 192.168.1.1 1
route inside PROSADMIN1 255.255.255.255 192.168.1.1 1
route inside XXXunity1 255.255.255.255 192.168.1.1 1
route inside XXXCCM1 255.255.255.255 192.168.1.1 1
route inside W2KS-PROS-PDC 255.255.255.255 192.168.1.1 1
route inside XXXCCM2 255.255.255.255 192.168.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
group-policy DfltGrpPolicy attributes
 banner none
 wins-server none
 dns-server none
 dhcp-network-scope none
 vpn-access-hours none
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-session-timeout none
 vpn-filter none
 vpn-tunnel-protocol IPSec 
 password-storage disable
 ip-comp disable
 re-xauth disable
 group-lock none
 pfs disable
 ipsec-udp disable
 ipsec-udp-port 10000
 split-tunnel-policy tunnelall
 split-tunnel-network-list none
 default-domain none
 split-dns none
 secure-unit-authentication disable
 user-authentication disable
 user-authentication-idle-timeout 30
 ip-phone-bypass disable
 leap-bypass disable
 nem disable
 backup-servers keep-client-config
 client-firewall none
 client-access-rule none
group-policy vpntunnel internal
group-policy vpntunnel attributes
 wins-server value 192.168.1.15
 dns-server value 192.168.1.15 192.168.2.20
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpntunnel_splitTunnelAcl
 default-domain value xxxxxx.co.uk
username catherine.chXXXle password xxx encrypted privilege 0
username catherine.chXXXle attributes
 vpn-group-policy vpntunnel
username steven.gould password xxx encrypted privilege 0
username steven.gould attributes
 vpn-group-policy vpntunnel
username virtual password xxx encrypted privilege 15
http server enable
http PICTADMIN1 255.255.255.255 inside
http ION 255.255.255.255 inside
http W2KS-PICT-PDC 255.255.255.255 inside
http PICTADMIN3 255.255.255.255 inside
http XXXMAIL1 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac 
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac 
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer Huddersfield 
crypto map outside_map 20 set transform-set ESP-AES-256-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption aes-256
isakmp policy 30 hash sha
isakmp policy 30 group 5
isakmp policy 30 lifetime 86400
isakmp nat-traversal  20
tunnel-group vpntunnel type ipsec-ra
tunnel-group vpntunnel general-attributes
 address-pool vpnpool
 default-group-policy vpntunnel
tunnel-group vpntunnel ipsec-attributes
 pre-shared-key *
tunnel-group xxx.xxx.85.167 type ipsec-l2l
tunnel-group xxx.xxx.85.167 ipsec-attributes
 pre-shared-key *
telnet 0.0.0.0 0.0.0.0 inside
telnet PICTADMIN1 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
ssh version 1
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect http 
  inspect netbios 
  inspect rsh 
  inspect rtsp 
  inspect skinny 
  inspect esmtp 
  inspect sqlnet 
  inspect sunrpc 
  inspect tftp 
  inspect sip 
  inspect xdmcp 
!
service-policy global_policy global
smtp-server 192.168.2.20
Cryptochecksum:b6554df49f3637f4d0b89e33cf65db4d
: end

Steve Gould Asked:
Faruk Onder Yerli (Owner) Commented:
Could you please add the access entry below to the PIX:

access-list inside_access_in extended permit ip any 192.168.75.0 255.255.255.0

I think you are not giving access from inside to the Huddersfield LAN.
Faruk Onder Yerli (Owner) Commented:
Also the line below, please:
access-list inside_nat0_outbound extended permit ip any 192.168.75.0 255.255.255.0
Steve Gould (Author) Commented:
OK, I'll give those lines a try. Sorry for the late response - I've been stuck in Portugal due to this Volcano thing.
Steve Gould (Author) Commented:
Excellent solution, worked 100%. Thanks very much.
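An offline check for the gap the two answers above close, as an added example that is not part of the original thread: it reads a PIX 7.x config and reports every site-to-site crypto map destination that is missing from the `nat 0` exemption ACL or from the ACL bound inbound on the inside interface. The trimmed config is constructed from lines on the page; the function names are illustrative, and only `permit ip` entries with literal addresses are evaluated, so entries that use names or object-groups never count as coverage.

```python
import ipaddress
import re

# Constructed sample: VPN-relevant lines taken from the config posted above.
PIX_CONFIG = """\
access-list inside_access_in extended permit ip object-group Managers any
access-list inside_access_in extended permit tcp any host Huddersfield
access-list inside_access_in extended permit udp any host Huddersfield
access-list inside_nat0_outbound extended permit ip any 192.168.1.192 255.255.255.192
access-list outside_cryptomap_dyn_20 extended permit ip any 192.168.1.192 255.255.255.192
access-list outside_cryptomap_20 extended permit ip any 192.168.75.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
access-group inside_access_in in interface inside
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer Huddersfield
"""

# The two lines suggested in the answers.
SUGGESTED_FIX = """\
access-list inside_access_in extended permit ip any 192.168.75.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.75.0 255.255.255.0
"""

ACL_RE = re.compile(r"^access-list (\S+) extended permit ip (.+)$")


def _net(addr, mask):
    """Return an IPv4 network, or None for names, groups and masked octets."""
    try:
        return ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    except ValueError:
        return None


def _spec(tokens):
    """Consume one address spec: 'any', 'host A', 'NET MASK' or 'object-group G'."""
    if not tokens:
        return None, []
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if len(tokens) < 2:
        return None, []
    if tokens[0] == "host":
        return _net(tokens[1], "255.255.255.255"), tokens[2:]
    return _net(tokens[0], tokens[1]), tokens[2:]


def parse_acls(config):
    """Map ACL name -> [(src, dst)] for active, fully literal 'permit ip' entries."""
    acls = {}
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if not m or "inactive" in m.group(2).split():
            continue
        src, rest = _spec(m.group(2).split())
        dst, _ = _spec(rest)
        if src is not None and dst is not None:
            acls.setdefault(m.group(1), []).append((src, dst))
    return acls


def audit(config, interface="inside"):
    """List (role, acl_name, dst) for tunnel traffic the named ACLs do not cover."""
    acls = parse_acls(config)
    iface = re.escape(interface)
    nat0 = re.search(rf"^nat \({iface}\) 0 access-list (\S+)", config, re.M)
    grp = re.search(rf"^access-group (\S+) in interface {iface}", config, re.M)
    findings = []
    # 'crypto dynamic-map' lines (remote-access clients) do not match this pattern.
    for m in re.finditer(r"^crypto map \S+ \d+ match address (\S+)", config, re.M):
        for src, dst in acls.get(m.group(1), []):
            for role, hit in (("nat-exemption", nat0), ("interface-acl", grp)):
                name = hit.group(1) if hit else None
                entries = acls.get(name, [])
                if not any(src.subnet_of(s) and dst.subnet_of(d) for s, d in entries):
                    findings.append((role, name, str(dst)))
    return findings


if __name__ == "__main__":
    print("as posted:", audit(PIX_CONFIG))
    print("with fix: ", audit(PIX_CONFIG + SUGGESTED_FIX))
```

A `nat-exemption` finding means tunnel-bound traffic would still be translated by `nat (inside) 1` and so no longer match the crypto ACL; an `interface-acl` finding means it is dropped on the inside interface before it reaches the tunnel.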