Cisco 1812 no contact to RADIUS server

[Sindby]

Hi guys,
Im pretty new to cisco products, and is playing around with a 1812... I'm trying to setup a Easy VPN Server, with Radius support, and as far as I can see I have done all tasks right, but there is a problem, because the router do not contact the RADIUS server, and the RADIUS server has been tested ok.

Anyone who can see what I am missing ??? Have worked with this issue for 3 days now.

Here is my conf.
Current configuration : 9170 bytes
!
! Last configuration change at 13:44:49 UTC Tue Oct 12 2010
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no logging buffered
!
aaa new-model
!
!
aaa group server radius sdm-vpn-server-group-1
server 90.0.0.245 auth-port 1645 acct-port 1646
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 passwd-expiry group sdm-vpn-server-group-1
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
!
!
!
!
aaa session-id common
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-250973313
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-250973313
revocation-check none
!
!
crypto pki certificate chain TP-self-signed-250973313
certificate self-signed 01
3082023C 308201A5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C040355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32353039 37333331 33301E17 0D313031 30313230 39343333
395A170D 32303031 30313030 30303030 5A303031 2E302C06 03540403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3235 30393733
33313330 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
BCF94FB0 77240E92 B703CE70 556D5D22 A57823E5 DD4CD4C4 12D639DE 5E97DB2D
81FBB304 9FA677A6 CAD84F96 9734081B F8F8FAAE 000B02FB AEF7C7B1 73AFA44B
7D27E112 8991F03B 3D4FD484 34E2EA9F BD426F73 48778F2A AD35AAD6 EC00805D
249B8702 D545AEEA 40670DFD 3E6BEC29 EE48A0C6 CB7694FD 722D1A62 3A499CC5
02030100 01A36630 64300F06 03551D13 0101FF04 05300301 01FF3011 0603551D
11040A30 08820652 6F757465 72301F06 03551D23 04183016 801462CB F6BD12F6
080C8A89 F9FBBDCE 9751528A FFFD301D 0603551D 0E041604 1462CBF6 BD12F608
0C8A89F9 FBBDCE97 51528AFF FD300D06 092A8648 86F70D01 01040500 03818100
ACA87977 55225FC6 9147E57E 8B5A8CA8 46348CAF 801D11C6 9DA57C69 14FA5076
6844F0CC 4CBEB541 136A483A 69F7B7F0 E44474E8 14DC2E80 CC04F840 3531B884
F08A492D 8C3902C0 725EE93D AC83A29F 799AAE0F 5795484B B3D02F84 911DB135
21B0B9D4 5C189766 C30DA111 6B9B4E46 E999DA5B 202A6900 07A93D8D 41C7FD21
quit
dot11 syslog
ip source-route
!
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1812/K9 sn FCZ10232108
username admin privilege 15 secret 5 $1$P677$Rggfdgt8MeD8letZDL08d/
!
!
!
class-map type inspect match-all sdm-nat-smtp-1
match access-group 101
match protocol smtp
class-map type inspect match-any SDM_AH
match access-group name SDM_AH
class-map type inspect match-any sdm-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-insp-traffic
match class-map sdm-cls-insp-traffic
class-map type inspect match-any SDM-Voice-permit
match protocol h323
match protocol skinny
match protocol sip
class-map type inspect match-any SDM_IP
match access-group name SDM_IP
class-map type inspect match-any SDM_ESP
match access-group name SDM_ESP
class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
match protocol isakmp
match protocol ipsec-msft
match class-map SDM_AH
match class-map SDM_ESP
class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
match class-map SDM_EASY_VPN_SERVER_TRAFFIC
class-map type inspect match-any sdm-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-invalid-src
match access-group 100
class-map type inspect match-all sdm-icmp-access
match class-map sdm-cls-icmp-access
class-map type inspect match-all sdm-protocol-http
match protocol http
!
!
policy-map type inspect sdm-permit-icmpreply
class type inspect sdm-icmp-access
inspect
class class-default
pass
policy-map type inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-nat-smtp-1
inspect
class class-default
drop
policy-map type inspect sdm-inspect
class type inspect sdm-invalid-src
drop log
class type inspect sdm-insp-traffic
inspect
class type inspect sdm-protocol-http
inspect
class type inspect SDM-Voice-permit
inspect
class class-default
pass
policy-map type inspect sdm-permit
class type inspect SDM_EASY_VPN_SERVER_PT
pass
class class-default
drop
policy-map type inspect sdm-permit-ip
class type inspect SDM_IP
pass
class class-default
drop log
!
zone security out-zone
zone security in-zone
zone security ezvpn-zone
zone-pair security sdm-zp-self-out source self destination out-zone
service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-self source out-zone destination self
service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
service-policy type inspect sdm-inspect
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-NATOutsideToInside-1
zone-pair security sdm-zp-in-ezvpn1 source in-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination in-zone
service-policy type inspect sdm-permit-ip
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group Sindby
key TheSommerOf03
dns 90.0.0.240 8.8.8.8
wins 90.0.0.240
domain SBYNET
pool SDM_POOL_2
max-users 15
netmask 255.255.255.0
crypto isakmp profile sdm-ike-profile-1
match identity group Sindby
client authentication list sdm_vpn_xauth_ml_1
isakmp authorization list sdm_vpn_group_ml_1
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA4 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA5 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA6 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA7 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA8 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA9 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA10 esp-3des esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
set transform-set ESP-3DES-SHA10
set isakmp-profile sdm-ike-profile-1
!
!
!
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet0
description $FW_OUTSIDE$
ip address 93.166.xxx.xxx 255.255.255.248
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
duplex auto
speed auto
!
interface FastEthernet1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Virtual-Template1 type tunnel
ip unnumbered FastEthernet0
zone-member security ezvpn-zone
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
!
interface Vlan1
description $FW_INSIDE$
ip address 90.0.0.190 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
!
ip local pool SDM_POOL_1 90.0.0.25 90.0.0.29
ip local pool SDM_POOL_2 90.0.0.75 90.0.0.90
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
!
ip nat inside source static tcp 192.168.1.200 25 interface FastEthernet0 25
ip nat inside source list 1 interface FastEthernet0 overload
ip route 0.0.0.0 0.0.0.0 93.166.xxx.xxx
!
ip access-list extended SDM_AH
remark SDM_ACL Category=1
permit ahp any any
ip access-list extended SDM_ESP
remark SDM_ACL Category=1
permit esp any any
ip access-list extended SDM_IP
remark SDM_ACL Category=1
permit ip any any
!
logging esm config
access-list 1 permit 90.0.0.0 0.0.0.255
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 93.166.xxx.xxx 0.0.0.7 any
access-list 101 remark SDM_ACL Category=0
access-list 101 permit ip any host 192.168.1.200
!
!
!
!
!
!
radius-server host 90.0.0.245 auth-port 1645 acct-port 1646
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
transport input telnet ssh
!
end

 

[unclerico]

where is this RADIUS server located in relation to this router??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[Sindby]

The RADIUS server is located on the inside. IP: 90.0.0.245, Cisco 1812 ip: 90.0.0.190

I can ping it from the console command. But it do not work.