how to initiate vpn tunnel


mrjoli021

IS-IT--Management
Nov 28, 2010
3
US
I have two 871 Cisco routers and I am trying to establish an IPsec tunnel between both sites. I can't seem to initiate the tunnel. When I do
"show crypto ipsec sa"
I get:

protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.15.32/255.255.255.224/0/0)
remote ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
current_peer 74.61.51.221 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 65.220.25.84, remote crypto endpt.: 74.61.51.221
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet4
current outbound spi: 0x0(0)

Which to me means that the tunnel is not started.
Please help.
 
Your tunnel is established. You need to make sure that your crypto ACLs on both sides of the tunnel contain the proper entries and are mirror opposites of each other.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
These are the access lists from both routers:

router 1
access-list 140 remark ip 192.168.15.32 0.0.0.31 192.168.1.0 0.0.0.255
access-list 140 permit ip 192.168.15.32 0.0.0.31 192.168.1.0 0.0.0.255

router 2
access-list 140 remark ip 192.168.1.0 0.0.0.255 192.168.15.32 0.0.0.31
access-list 140 permit ip 192.168.1.0 0.0.0.255 192.168.15.32 0.0.0.31
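
The mirror check on crypto ACLs suggested in the reply above, run against the two access lists just posted. This is an added example, not part of the original thread; the function names are hypothetical, and it assumes numbered extended ACL entries with contiguous wildcard masks and compares address pairs only (port qualifiers are ignored).

```python
import ipaddress
import re

# ACL lines exactly as posted in the thread for each router.
ROUTER1 = """\
access-list 140 remark ip 192.168.15.32 0.0.0.31 192.168.1.0 0.0.0.255
access-list 140 permit ip 192.168.15.32 0.0.0.31 192.168.1.0 0.0.0.255"""
ROUTER2 = """\
access-list 140 remark ip 192.168.1.0 0.0.0.255 192.168.15.32 0.0.0.31
access-list 140 permit ip 192.168.1.0 0.0.0.255 192.168.15.32 0.0.0.31"""

# Matches permit/deny entries only, so "remark" lines are skipped.
ACE = re.compile(r"^access-list\s+\d+\s+(permit|deny)\s+(\S+)\s+(.+)$")

def wildcard_to_prefix(wildcard):
    """Convert a contiguous Cisco wildcard mask (0.0.0.31) to a prefix length (27)."""
    mask = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    prefix = bin(mask).count("1")
    if mask != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous wildcard: {wildcard}")
    return prefix

def take_addr(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # Strict parsing raises ValueError if the address has host bits set.
    net = ipaddress.ip_network((tokens[0], wildcard_to_prefix(tokens[1])))
    return net, tokens[2:]

def crypto_aces(config):
    """Return {(action, protocol, source_net, dest_net)} for an ACL."""
    aces = set()
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if m:
            src, rest = take_addr(m.group(3).split())
            dst, _ = take_addr(rest)
            aces.add((m.group(1), m.group(2), src, dst))
    return aces

def mirror_mismatches(local_cfg, remote_cfg):
    """Return (local entries with no mirror, mirrored remote entries missing locally)."""
    local = crypto_aces(local_cfg)
    mirrored = {(a, p, d, s) for a, p, s, d in crypto_aces(remote_cfg)}
    return local - mirrored, mirrored - local

if __name__ == "__main__":
    print(mirror_mismatches(ROUTER1, ROUTER2))  # two empty sets: the ACLs mirror each other
```
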

 
So how exactly are you trying to initiate the tunnel? Are you pinging, browsing file shares, etc.? A good place to start would be to issue the command debug crypto ipsec sa

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
All the debug commands tell me that the "debug is on" and then go back to a prompt.
 