Cisco VPDN & Windows Vista?


ADB100

I have a working L2TP/IPSec VPDN configuration on a Cisco 877 router running IOS 12.4(15)T1. It allows Windows 2000/2003 & XP machines to connect via the native VPN client. This has worked flawlessly since I set it up about 6 months ago; I have even managed to get Windows Mobile 5 & 6 working with it.

I have managed to get a copy of Vista Ultimate to test with and I can't get the VPN working. The error message I am getting on the Vista client seems to indicate an ISAKMP Phase 1 error; however, it isn't very clear. I have disabled the certificate checking on Vista. The debugs on the router don't show any errors in authentication, just a message to delete the connection:
Code:
002060: Aug  2 17:45:12.593 GMT: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP

The config on the router is pretty simple:
Code:
aaa authentication ppp PPP-VPN group IAS-Servers
!
crypto isakmp policy 10
 encr 3des
 group 2
 lifetime 3600
crypto isakmp keepalive 3600
!
crypto ipsec security-association lifetime seconds 600
!
crypto ipsec transform-set ESP-3DES-ESP-SHA-HMAC esp-3des esp-sha-hmac
 mode transport
!
crypto dynamic-map DYN_MAP 10
 set nat demux
 set transform-set ESP-3DES-ESP-SHA-HMAC
!
!
crypto map CRYP_MAP 6000 ipsec-isakmp dynamic DYN_MAP
!
vpdn enable
!
vpdn-group L2TP
! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 10
 no l2tp tunnel authentication
 l2tp tunnel receive-window 256
!
interface Virtual-Template10
 ip unnumbered Loopback0
 peer default ip address pool default
 ppp authentication ms-chap-v2 PPP-VPN
!
interface Vlan10
 crypto map CRYP_MAP
!
ip local pool default 10.1.1.1 10.1.1.10

I am testing this on the inside of the network, hence the crypto map on the VLAN10 interface.

As I said, Windows 2000, XP & Server 2003 work flawlessly (as does Windows Mobile 5/6), but it is only a matter of time before users get Vista...

Andy
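
An added example, not part of the post above and not Cisco tooling: a small parser that resolves the posted ISAKMP policy and transform set into the effective Phase 1 and Phase 2 parameters, marking which values are configured and which fall back to defaults, so they can be compared line by line with what a client offers. The default values (DES, SHA, RSA signatures, group 1, 86400 s, tunnel mode) are an assumption based on standard IOS 12.4 behaviour, not something stated in the post.

```python
import re

# Assumed IOS 12.4 defaults for ISAKMP policy parameters that are not configured
# (general IOS behaviour, not stated in the post).
ISAKMP_DEFAULTS = {"encr": "des", "hash": "sha", "authentication": "rsa-sig",
                   "group": "1", "lifetime": "86400"}

# ISAKMP policy and transform-set lines copied from the posted config.
CONFIG = """\
crypto isakmp policy 10
 encr 3des
 group 2
 lifetime 3600
crypto isakmp keepalive 3600
!
crypto ipsec transform-set ESP-3DES-ESP-SHA-HMAC esp-3des esp-sha-hmac
 mode transport
!
"""

def parse_isakmp_policies(config):
    """Return {priority: {param: (value, 'configured' | 'default')}}."""
    policies, current = {}, None
    for line in config.splitlines():
        m = re.match(r"crypto isakmp policy (\d+)\s*$", line)
        if m:
            current = policies.setdefault(int(m.group(1)), {})
        elif not line.startswith(" "):   # a non-indented line closes the policy block
            current = None
        elif current is not None:
            parts = line.split()
            if len(parts) == 2 and parts[0] in ISAKMP_DEFAULTS:
                current[parts[0]] = (parts[1], "configured")
    for params in policies.values():     # fill every unset parameter from the defaults
        for key, default in ISAKMP_DEFAULTS.items():
            params.setdefault(key, (default, "default"))
    return policies

def parse_transform_sets(config):
    """Return {name: {'transforms': [...], 'mode': ...}}; mode defaults to tunnel."""
    sets, current = {}, None
    for line in config.splitlines():
        m = re.match(r"crypto ipsec transform-set (\S+) (.+)$", line)
        if m:
            current = sets.setdefault(
                m.group(1), {"transforms": m.group(2).split(), "mode": "tunnel"})
        elif not line.startswith(" "):
            current = None
        elif current is not None and line.split()[:1] == ["mode"]:
            current["mode"] = line.split()[1]
    return sets
```

Run against the snippet as posted, the hash and authentication method come back marked `default`, because the excerpt contains no `hash` or `authentication` line under policy 10.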
 