I have a Cisco 837 router and a Cisco 3005 Concentrator that I would like to set up a VPN between. I have followed the setup from the Cisco document " Configuring the Cisco VPN 3000 Concentrator to an Cisco Router" and the one for "Configuring Lan-to-Lan tunnels on a VPN 3000 Concentrator with a Cisco IOS Router Configured for DHCP." After following these I still have not been able to get the VPN to come up. The 837 and the computers behind it are able to get to the internet fine and able to ping the concentrators public ip address. When I do sh crypto isakmp sa I get nothing under the source or destination. Below is my 837 config. Can someone please see if I am missing anything?
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret
!
no aaa new-model
ip subnet-zero
!
!
ip name-server xxx.xxx.14.201
ip name-server xxx.xxx.1.8
ip ips po max-events 100
vpdn enable
!
vpdn-group ppoe
request-dialin
protocol pppoe
!
no ftp-server write-enable
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp key ***** address zzz.zzz.zzz.85
!
!
crypto ipsec transform-set weak esp-des esp-md5-hmac
!
!
crypto map vpn 10 ipsec-isakmp
set peer zzz.zzz.zzz.85
set transform-set weak
match address 120
!
!
!
!
interface Ethernet0
ip address 192.168.xxx.xxx 255.255.255.0
ip nat inside
no ip mroute-cache
hold-queue 100 out
!
interface ATM0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
dsl operating-mode auto
hold-queue 224 in
pvc 0/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
dialer pool 1
ppp authentication pap callin
ppp pap sent-username user password password
crypto map vpn
!
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
!
!
ip nat inside source route-map nonat interface Dialer1 overload
!
access-list 1 permit 192.168.xxx.xxx 0.0.0.255 any
access-list 120 permit ip 192.168.xxx.xxx 0.0.0.255 192.168.yyy.yyy 0.0.0.255
access-list 121 deny ip 192.168.xxx.xxx 0.0.0.255 192.168.yyy.yyy 0.0.0.255
access-list 121 permit ip 192.168.xxx.xxx 0.0.0.255 any
dialer-list 1 protocol ip permit
!
route-map nonat permit 10
match ip address 121
!
control-plane
!
!
line con 0
password *****
login
no modem enable
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
line vty 0 4
password *****
login
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
end
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret
!
no aaa new-model
ip subnet-zero
!
!
ip name-server xxx.xxx.14.201
ip name-server xxx.xxx.1.8
ip ips po max-events 100
vpdn enable
!
vpdn-group ppoe
request-dialin
protocol pppoe
!
no ftp-server write-enable
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp key ***** address zzz.zzz.zzz.85
!
!
crypto ipsec transform-set weak esp-des esp-md5-hmac
!
!
crypto map vpn 10 ipsec-isakmp
set peer zzz.zzz.zzz.85
set transform-set weak
match address 120
!
!
!
!
interface Ethernet0
ip address 192.168.xxx.xxx 255.255.255.0
ip nat inside
no ip mroute-cache
hold-queue 100 out
!
interface ATM0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
dsl operating-mode auto
hold-queue 224 in
pvc 0/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
dialer pool 1
ppp authentication pap callin
ppp pap sent-username user password password
crypto map vpn
!
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
!
!
ip nat inside source route-map nonat interface Dialer1 overload
!
access-list 1 permit 192.168.xxx.xxx 0.0.0.255 any
access-list 120 permit ip 192.168.xxx.xxx 0.0.0.255 192.168.yyy.yyy 0.0.0.255
access-list 121 deny ip 192.168.xxx.xxx 0.0.0.255 192.168.yyy.yyy 0.0.0.255
access-list 121 permit ip 192.168.xxx.xxx 0.0.0.255 any
dialer-list 1 protocol ip permit
!
route-map nonat permit 10
match ip address 121
!
control-plane
!
!
line con 0
password *****
login
no modem enable
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
line vty 0 4
password *****
login
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
end