Cisco PIX 501-515 Site-to-Site VPN Issue
on 05.07.2007 08:06:39 by pogopoole

I'm deferring to the experts in this group to help me solve a
nightmare of a PIX configuration issue.
I have a PIX 501 located in Connecticut and a PIX 515 located in New
York and am trying to put together a site-to-site VPN. The remote
access on the 515 works like a charm, but I've been unable to make any
headway with the site-to-site. The only way that I've been able to
initiate the connection, in fact, is to launch the packet tracer on
the 515 to 'send' a packet from an IP on the 515's network to an IP on
the 501's. Everything comes back okay, but if I try to ping or
connect to any machine on either of the networks from the other one,
it doesn't go through, and no useful debugging information seems to be
returned. If anyone has any insight into what might be going on, your
advice would be tremendously appreciated. I've copied the
configurations below and have removed only the clearly-irrelevant
parts.
PIX 501:
Internal IP Range: 10.0.2.0/255.255.255.0
External IP: x.x.123.29
PIX 515:
Internal IP Range: 10.0.0.0/255.255.255.0
Remote Access: 10.0.1.0/255.255.255.0
External IP: x.x.23.17
CISCO PIX 501 IN CONNECTICUT
PIX Version 6.3(5)
access-list outside_access_in permit icmp any any
access-list outside_access_in permit tcp any any object-group TCP
access-list inside_outbound_nat0_acl permit ip 10.0.2.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list outside_cryptomap_20 permit ip 10.0.2.0 255.255.255.0 10.0.0.0 255.255.255.0
ip address outside x.x.123.29 255.255.255.252
ip address inside 10.0.2.1 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit info action alarm
ip audit attack action alarm
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 dns 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 x.x.123.30 1
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set pfs group2
crypto map outside_map 20 set peer x.x.23.17
crypto map outside_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
isakmp enable outside
isakmp key * address x.x.23.17 netmask 255.255.255.255 no-xauth no-config-mode
isakmp identity address
isakmp nat-traversal 20
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
dhcpd address 10.0.2.200-10.0.2.231 inside
dhcpd enable inside
CISCO PIX 515 IN NEW YORK
PIX Version 7.2(1)
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list outside_access_in extended permit icmp any any
access-list outside_cryptomap extended permit ip 10.0.0.0 255.255.255.0 10.0.2.0 255.255.255.0
access-list outside_cryptomap extended permit ip any 10.0.1.0 255.255.255.0
access-list outside_20_cryptomap extended permit ip 10.0.0.0 255.255.255.0 10.0.2.0 255.255.255.0
ip local pool VPN 10.0.1.1-10.0.1.254 mask 255.255.0.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit info action alarm drop reset
ip audit attack action alarm drop reset
icmp permit any outside
icmp permit any inside
global (outside) 101 interface
nat (inside) 0 access-list outside_cryptomap
nat (inside) 101 0.0.0.0 0.0.0.0 dns
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 x.x.23.30 1
no eou allow clientless
group-policy DfltGrpPolicy attributes
banner none
wins-server none
dns-server value 10.0.0.2 10.0.0.3
dhcp-network-scope none
vpn-access-hours none
vpn-simultaneous-logins 5
vpn-idle-timeout none
vpn-session-timeout none
vpn-filter none
vpn-tunnel-protocol IPSec l2tp-ipsec
password-storage disable
ip-comp disable
re-xauth disable
group-lock none
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelall
split-tunnel-network-list none
default-domain value mydomain.net
split-dns none
intercept-dhcp 255.255.255.255 disable
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout none
ip-phone-bypass disable
leap-bypass disable
nem disable
backup-servers keep-client-config
msie-proxy server none
msie-proxy method no-modify
msie-proxy except-list none
msie-proxy local-bypass disable
nac disable
nac-sq-period 300
nac-reval-period 36000
nac-default-acl none
address-pools value VPN
client-firewall none
client-access-rule none
sysopt connection tcpmss 0
service resetinbound interface outside
service resetinbound interface inside
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto dynamic-map outside_dyn_map 20 set transform-set TRANS_ESP_3DES_SHA
crypto map outside_map 20 match address outside_20_cryptomap
crypto map outside_map 20 set pfs
crypto map outside_map 20 set peer x.x.123.29
crypto map outside_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 40 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 3600
crypto isakmp nat-traversal 20
crypto isakmp ipsec-over-tcp port 10000
crypto isakmp disconnect-notify
tunnel-group DefaultL2LGroup ipsec-attributes
pre-shared-key *
peer-id-validate nocheck
tunnel-group DefaultRAGroup general-attributes
address-pool VPN
authorization-dn-attributes use-entire-name
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
peer-id-validate nocheck
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
authentication ms-chap-v2
tunnel-group x.x.123.29 type ipsec-l2l
tunnel-group x.x.123.29 ipsec-attributes
pre-shared-key *
no tunnel-group-map enable ou
no tunnel-group-map enable ike-id
no tunnel-group-map enable peer-ip
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
dhcpd address 10.0.0.100-10.0.0.149 inside
dhcpd enable inside
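A consistency check for the two configurations above, added here as an example and not part of the original post or of any Cisco tooling: it parses the posted crypto and NAT-exemption ACLs (the excerpt embedded in the script is copied from the post) and verifies the two things that most often break a PIX site-to-site tunnel, mirror-image crypto ACLs on the two peers and a NAT-exemption ACL that covers the crypto ACL. For the posted pair both checks pass, so these ACLs are not where the fault lies.

```python
import ipaddress
# Constructed excerpt: the crypto and NAT-exemption ACLs exactly as posted for each PIX.
PIX501 = """
access-list inside_outbound_nat0_acl permit ip 10.0.2.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list outside_cryptomap_20 permit ip 10.0.2.0 255.255.255.0 10.0.0.0 255.255.255.0
"""
PIX515 = """
access-list outside_cryptomap extended permit ip 10.0.0.0 255.255.255.0 10.0.2.0 255.255.255.0
access-list outside_cryptomap extended permit ip any 10.0.1.0 255.255.255.0
access-list outside_20_cryptomap extended permit ip 10.0.0.0 255.255.255.0 10.0.2.0 255.255.255.0
"""
def _net(tokens):
    """Consume one PIX address spec ('any' or 'ADDR MASK'); return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def parse_acl(config, name):
    """Return the (src, dst) network pairs of the 'permit ip' entries in the named ACL."""
    pairs = []
    for line in config.splitlines():
        t = line.split()
        if t[:2] != ["access-list", name]:
            continue
        t = t[3:] if t[2:3] == ["extended"] else t[2:]  # PIX 7.x writes 'extended', 6.3 does not
        if t[:2] == ["permit", "ip"]:
            src, rest = _net(t[2:])
            dst, _ = _net(rest)
            pairs.append((src, dst))
    return pairs

def mirrored(local, remote):
    """Crypto ACLs must be exact mirror images (local src/dst == remote dst/src),
    or the two peers disagree on the phase-2 proxy identities."""
    return sorted(local) == sorted((d, s) for s, d in remote)

def nat_exempt_covers(crypto, nat0):
    """Every crypto entry must sit inside a NAT-exemption entry; otherwise the traffic
    is PAT'd to the outside address first and never matches the crypto ACL."""
    return all(any(s.subnet_of(ns) and d.subnet_of(nd) for ns, nd in nat0) for s, d in crypto)

def audit():
    """Run both consistency checks over the two posted configurations."""
    c501 = parse_acl(PIX501, "outside_cryptomap_20")
    c515 = parse_acl(PIX515, "outside_20_cryptomap")
    return {
        "crypto_acls_mirrored": mirrored(c501, c515),
        "pix501_nat0_covers_crypto": nat_exempt_covers(c501, parse_acl(PIX501, "inside_outbound_nat0_acl")),
        "pix515_nat0_covers_crypto": nat_exempt_covers(c515, parse_acl(PIX515, "outside_cryptomap")),
    }
```

The same two functions can be pointed at any pair of PIX/ASA configs by changing the ACL names passed to `parse_acl`.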