I am having a problem setting up an ipsec tunnel on a new remote site. When I do a "show crypto isakmp sa" it says everything is active, and when I do a "show crypto ipsec sa" it says it is connected but nothing is being encrypted. Here are the configs on both sides:
remote router:
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
crypto isakmp key MYRM-Core--PDC-shar3d-k3y address 192.168.55.1
crypto ipsec transform-set MYRM-sites-AES esp-aes 256 esp-sha-hmac
crypto map PDC-map 10 ipsec-isakmp
set peer 192.168.55.1
set transform-set MYRM-sites-AES
match address MYRM-Core
interface FastEthernet0/0
description Embarq Ethernet 5MB Circuit# XX.XXXX.XXXX.UFLG
no ip address
duplex full
speed auto
service-policy output qos-out
crypto map MYRM-map
ip access-list extended MYRM-Core
remark source/destination for Core IPSec Tunnel
permit ip any any
Main Router:
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
crypto isakmp key MYRM-Core--PDC-shar3d-k3y address 192.168.55.11
crypto isakmp invalid-spi-recovery
crypto ipsec transform-set CCSO-sites-AES esp-aes 256 esp-sha-hmac
crypto map EtherCloud-map 100 ipsec-isakmp
set peer 192.168.55.11
set transform-set MYRM-sites-AES
match address MYRM-PDC
interface GigabitEthernet0/3.55
description EtherCloud Interface - PDC
encapsulation dot1Q 55
ip address 192.168.55.1 255.255.255.224
ip flow ingress
ip flow egress
no snmp trap link-status
crypto map EtherCloud-map
ip access-list extended MYRM-PDC
remark source/destination for VoTech IPSec Tunnel
deny ip host 27.27.27.230 192.168.2.0 0.0.0.255
deny ip host 27.27.27.251 host 192.168.2.12
deny ip host 27.27.29.40 host 192.168.2.12
permit ip 27.0.0.0 0.255.255.255 192.168.2.0 0.0.0.255
permit ip 10.0.0.0 0.255.255.255 192.168.2.0 0.0.0.25
permit ip 10.0.0.0 0.255.255.255 192.168.2.0 0.0.0.255
permit ip 162.143.0.0 0.0.255.255 192.168.2.0 0.0.0.255
remark source/destination for VoTech IPSec Tunnel
remote router:
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
crypto isakmp key MYRM-Core--PDC-shar3d-k3y address 192.168.55.1
crypto ipsec transform-set MYRM-sites-AES esp-aes 256 esp-sha-hmac
crypto map PDC-map 10 ipsec-isakmp
set peer 192.168.55.1
set transform-set MYRM-sites-AES
match address MYRM-Core
interface FastEthernet0/0
description Embarq Ethernet 5MB Circuit# XX.XXXX.XXXX.UFLG
no ip address
duplex full
speed auto
service-policy output qos-out
crypto map MYRM-map
ip access-list extended MYRM-Core
remark source/destination for Core IPSec Tunnel
permit ip any any
Main Router:
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
crypto isakmp key MYRM-Core--PDC-shar3d-k3y address 192.168.55.11
crypto isakmp invalid-spi-recovery
crypto ipsec transform-set CCSO-sites-AES esp-aes 256 esp-sha-hmac
crypto map EtherCloud-map 100 ipsec-isakmp
set peer 192.168.55.11
set transform-set MYRM-sites-AES
match address MYRM-PDC
interface GigabitEthernet0/3.55
description EtherCloud Interface - PDC
encapsulation dot1Q 55
ip address 192.168.55.1 255.255.255.224
ip flow ingress
ip flow egress
no snmp trap link-status
crypto map EtherCloud-map
ip access-list extended MYRM-PDC
remark source/destination for VoTech IPSec Tunnel
deny ip host 27.27.27.230 192.168.2.0 0.0.0.255
deny ip host 27.27.27.251 host 192.168.2.12
deny ip host 27.27.29.40 host 192.168.2.12
permit ip 27.0.0.0 0.255.255.255 192.168.2.0 0.0.0.255
permit ip 10.0.0.0 0.255.255.255 192.168.2.0 0.0.0.25
permit ip 10.0.0.0 0.255.255.255 192.168.2.0 0.0.0.255
permit ip 162.143.0.0 0.0.255.255 192.168.2.0 0.0.0.255
remark source/destination for VoTech IPSec Tunnel