We have a site-to-site tunnel between our headquarters and a remotes site. The remote site uses AT&T DSL and we have assigned static IPs addresses from the provider that we have assigned to our remote firewall.
When setting up the VPN tunnel, if using ESP/3DES as the Phase 2 security parameter, we get the signal from both sides of the tunnel that the connection is successful. However, when we try to pass traffic, nothing appears to be passing from the local firewall to the remote network. (basic ping's fail any response)
From the network monitor, the PING packets are "Received", by the local firewall but are not passed through to any other interface (no references to forwarded, consumed packets by the firewall etc) and seem to simply die at the firewall with no outgoing interface.
When the Phase 2 security is changed to AH (as I understand not ideal for security) the ping traffic passes through the firewall appropriately and gets responses from the remote network via the VPN site-to-site.
When changes back to the more secure form, the traffic stops again.
Any help or suggestions would be appreciated!