Hello,
I worked on this all day and still cannot get Phase 1 to build. Worse than that, it doesn't even try to build. I got the DSL connection working great for their internet connection, but the VPN was DOA. Here's the config with the important stuff removed. I can't describe how much a little info would mean to me. Thanks
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname ********
!
enable secret 5 $1$FOjj$KWQTHUVrb/orDFg1sNtmK1
!
no aaa new-model
ip subnet-zero
no ip source-route
no ip domain lookup
ip domain name local
ip name-server 216.17.***.***
ip name-server 216.17.***.***
ip dhcp excluded-address 192.168.19.100 192.168.19.254
ip dhcp excluded-address 192.168.19.1
!
ip dhcp pool CLIENT
import all
lease 0 2
!
ip dhcp pool dhcppool
import all
network 192.168.19.0 255.255.255.0
default-router 192.168.19.1
dns-server 216.17.***.*** 216.17.***.***
lease 3
update arp
!
!
no ip bootp server
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall cuseeme
ip inspect name firewall h323
ip inspect name firewall rcmd
ip inspect name firewall realaudio
ip inspect name firewall streamworks
ip inspect name firewall vdolive
ip inspect name firewall sqlnet
ip inspect name firewall tftp
ip inspect name firewall ftp
ip inspect name firewall icmp
ip inspect name firewall sip
ip inspect name firewall fragment maximum 256 timeout 1
ip inspect name firewall netshow
ip inspect name firewall rtsp
ip inspect name firewall skinny
ip audit notify log
ip audit po max-events 100
ip audit name intrusion info list 3 action alarm
ip audit name intrusion attack list 3 action alarm drop reset
no ftp-server write-enable
!
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 28800
crypto isakmp key 0 PSKEY address **Remote VPNs Gateway**
crypto isakmp keepalive 10
!
!
crypto ipsec transform-set tr-null-sha esp-null esp-sha-hmac
crypto ipsec transform-set tr-des-md5 esp-des esp-md5-hmac
crypto ipsec transform-set tr-des-sha esp-des esp-sha-hmac
crypto ipsec transform-set tr-3des-sha esp-3des esp-sha-hmac
!
crypto map CRYPTOMAP 110 ipsec-isakmp
set peer **Remote VPNs Gateway**
set transform-set tr-3des-sha
match address 110
!
!
!
!
interface Ethernet0
description *Inside LAN*
ip address 192.168.19.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip route-cache flow
no cdp enable
hold-queue 32 in
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 0/32
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface Dialer0
bandwidth 640
ip address **Local VPNs Gateway** 255.255.255.252
ip access-group 101 in
no ip redirects
no ip unreachables
ip nat outside
ip inspect firewall out
ip audit intrusion in
encapsulation ppp
no ip route-cache
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp chap hostname **********
ppp chap password 7 0000010C0254070316255F42
ppp pap sent-username ********** password 7 06021D2B4A41051C1C130107
ppp ipcp dns request
ppp ipcp wins request
ppp ipcp address accept
crypto map CRYPTOMAP
!
interface Dialer1
no ip address
no cdp enable
!
ip nat inside source list 5 interface Dialer0 overload
ip nat inside source list 105 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 198.185.205.0 255.255.255.0 Dialer0
no ip http server
no ip http secure-server
access-list 1 remark The local LAN.
access-list 1 permit 192.168.19.0 0.0.0.255
access-list 2 remark Where management can be done from.
access-list 2 permit 192.168.19.0 0.0.0.255
access-list 3 remark Traffic not to check for intrusion detection.
access-list 3 deny 216.17.***.*** 0.0.0.255
access-list 3 permit any
access-list 5 deny 192.168.19.100
access-list 5 permit 192.168.19.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 101 remark Traffic allowed to enter the router from the Internet
access-list 101 remark Traffic allowed to enter
access-list 101 permit ip 216.17.***.*** 0.0.0.3 192.168.19.0 0.0.0.255
access-list 101 permit ip host 216.17.***.*** 192.168.19.0 0.0.0.255
access-list 101 permit ip host 216.17.***.*** 192.168.19.0 0.0.0.255
access-list 101 permit ip *Remote Network* 0.0.0.15 192.168.19.0 0.0.0.255
access-list 101 deny ip 0.0.0.0 0.255.255.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 169.254.0.0 0.0.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.0.2.0 0.0.0.255 any
access-list 101 deny ip 198.18.0.0 0.1.255.255 any
access-list 101 deny ip 224.0.0.0 0.15.255.255 any
access-list 101 deny ip any host 255.255.255.255
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any packet-too-big
access-list 101 permit icmp any any unreachable
access-list 101 deny icmp any any
access-list 101 permit udp any any eq non500-isakmp
access-list 101 permit udp any any eq isakmp
access-list 101 permit esp any any
access-list 101 permit tcp any any eq 1723
access-list 101 permit gre any any
access-list 101 deny ip any any log
access-list 101 remark Traffic allowed to enter the router from the Internet
access-list 102 deny ip any 192.168.0.0 0.0.255.255 log
access-list 102 remark Traffic allowed to enter the router from the Ethernet
access-list 102 permit ip any host 192.168.19.1
access-list 102 deny ip any host 192.168.19.255
access-list 102 deny udp any any eq tftp log
access-list 102 permit ip 192.168.19.0 0.0.0.255 216.17.***.*** 0.0.0.3
access-list 102 permit ip 192.168.19.0 0.0.0.255 host 216.17.***.***
access-list 102 permit ip 192.168.19.0 0.0.0.255 host 216.17.***.***
access-list 102 deny ip any 0.0.0.0 0.255.255.255 log
access-list 102 deny ip any 10.0.0.0 0.255.255.255 log
access-list 102 deny ip any 127.0.0.0 0.255.255.255 log
access-list 102 deny ip any 169.254.0.0 0.0.255.255 log
access-list 102 deny ip any 172.16.0.0 0.15.255.255 log
access-list 102 deny ip any 192.0.2.0 0.0.0.255 log
access-list 102 deny ip any 198.18.0.0 0.1.255.255 log
access-list 102 deny udp any any eq 135 log
access-list 102 deny tcp any any eq 135 log
access-list 102 deny udp any any eq netbios-ns log
access-list 102 deny udp any any eq netbios-dgm log
access-list 102 deny tcp any any eq 445 log
access-list 102 permit ip 192.168.19.0 0.0.0.255 any
access-list 102 permit ip any host 255.255.255.255
access-list 102 deny ip any any log
access-list 103 remark Traffic to rate limit
access-list 103 permit icmp any any
access-list 105 remark Traffic not to NAT
access-list 105 deny ip host 192.168.19.100 198.***.***.0 0.0.0.15 (Host to Remote Network VPN)
access-list 105 permit ip 192.168.19.0 0.0.0.255 any
access-list 110 remark VPN
access-list 110 permit ip host 192.168.19.100 198.***.***.0 0.0.0.15
access-list 110 deny ip 192.168.19.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
!
line con 0
exec-timeout 120 0
no modem enable
stopbits 1
line aux 0
line vty 0 4
access-class 2 in
exec-timeout 120 0
password 7 0114090B5F0F090C35435C
login
transport input telnet ssh
transport output none
!
scheduler max-task-time 5000
!
end
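Added by the editor, not part of the original post and not Cisco tooling: a small Python checker for the three things that have to agree before IKE Phase 1 is even attempted in a crypto-map configuration like the one above. They are the `match address` ACL referenced by the crypto map, exemption of those same flows from every `ip nat inside source list` ACL (on the inside-to-outside path IOS translates before it applies the crypto map, so a translated packet no longer matches the crypto ACL and never triggers IKE), and the bare `crypto map NAME` line on the Internet-facing interface. The embedded sample is constructed to mirror the post's ACL 5/105/110 and Dialer0 layout, with documentation-range addresses in place of the redacted ones; the two broken variants show what each check flags. ACL parsing covers only the forms that appear in the posted config.

```python
"""Do the crypto ACL, the NAT exemption and the crypto-map binding of an IOS
site-to-site IPsec config agree? Editor's added example, not the poster's code."""
import ipaddress
import re
ANY = (0, 0xFFFFFFFF)  # (base, wildcard) for the keyword 'any'
def _ip(dotted):
    return int(ipaddress.IPv4Address(dotted))

def _addr(tokens):
    """One address spec: 'any' | 'host A' | 'A WILDCARD' | bare 'A' (standard ACL)."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return (_ip(tokens[1]), 0), tokens[2:]
    if len(tokens) > 1 and re.fullmatch(r"\d+(\.\d+){3}", tokens[1]):
        return (_ip(tokens[0]), _ip(tokens[1])), tokens[2:]
    return (_ip(tokens[0]), 0), tokens[1:]

def parse_acls(config):
    """{number: [(action, (src_base, src_wc), (dst_base, dst_wc)), ...]}; ports dropped."""
    acls = {}
    for m in re.finditer(r"^\s*access-list (\d+) (permit|deny) (.*)$", config, re.M):
        num, action, rest = int(m.group(1)), m.group(2), m.group(3).split()
        if num <= 99:                          # standard ACL: source only
            src, dst = _addr(rest)[0], ANY
        else:                                  # extended: proto src dst [ports]
            src, rest = _addr(rest[1:])
            dst = _addr(rest)[0]
        acls.setdefault(num, []).append((action, src, dst))
    return acls

def acl_action(entries, src, dst):
    """First match wins; every ACL ends with an implicit deny."""
    s, d = _ip(src), _ip(dst)
    for action, (sb, sw), (db, dw) in entries:
        if (s & ~sw) == (sb & ~sw) and (d & ~dw) == (db & ~dw):
            return action
    return "deny"

def crypto_acl_for_map(config, map_name):
    """ACL number from 'match address' inside 'crypto map NAME seq ipsec-isakmp'."""
    in_map = False
    for line in config.splitlines():
        if re.match(rf"\s*crypto map {map_name} \d+ ipsec-isakmp", line):
            in_map = True
        elif line.strip() == "!":              # IOS section separator
            in_map = False
        elif in_map and (m := re.match(r"\s*match address (\d+)", line)):
            return int(m.group(1))
    return None

def interface_applying(config, map_name):
    """Interface under which the bare 'crypto map NAME' line appears, or None."""
    current = None
    for line in config.splitlines():
        if m := re.match(r"\s*interface (\S+)", line):
            current = m.group(1)
        elif re.fullmatch(rf"\s*crypto map {map_name}\s*", line):
            return current
    return None

def check_vpn_config(config, map_name):
    """Findings (empty list = consistent): map never applied to an interface, or a
    protected flow that a NAT ACL permits, so it is translated before the crypto map
    sees it, no longer matches the crypto ACL, and never triggers IKE Phase 1."""
    acls = parse_acls(config)
    acl_num = crypto_acl_for_map(config, map_name)
    if acl_num not in acls:
        return [f"crypto map {map_name} has no usable 'match address' ACL"]
    findings = []
    if interface_applying(config, map_name) is None:
        findings.append(f"crypto map {map_name} is not applied to any interface")
    nat_lists = [int(n) for n in re.findall(r"ip nat inside source list (\d+) ", config)]
    for action, (sb, sw), (db, dw) in acls[acl_num]:
        if action != "permit" or ANY in ((sb, sw), (db, dw)):
            continue                           # 'any' gives no single sample host
        src, dst = str(ipaddress.IPv4Address(sb & ~sw)), str(ipaddress.IPv4Address(db & ~dw))
        for n in nat_lists:                    # first NAT ACL permitting the flow translates it
            if acl_action(acls.get(n, []), src, dst) == "permit":
                findings.append(f"protected flow {src} -> {dst} is translated by NAT list {n}")
                break
    return findings

# Constructed sample mirroring the posted ACL 5/105/110 and Dialer0 layout; the
# public addresses are documentation-range placeholders, not the poster's.
SAMPLE = """\
crypto map CRYPTOMAP 110 ipsec-isakmp
 match address 110
!
interface Dialer0
 crypto map CRYPTOMAP
!
ip nat inside source list 5 interface Dialer0 overload
ip nat inside source list 105 interface Dialer0 overload
access-list 5 deny 192.168.19.100
access-list 5 permit 192.168.19.0 0.0.0.255
access-list 105 deny ip host 192.168.19.100 198.51.100.0 0.0.0.15
access-list 105 permit ip 192.168.19.0 0.0.0.255 any
access-list 110 permit ip host 192.168.19.100 198.51.100.0 0.0.0.15
access-list 110 deny ip 192.168.19.0 0.0.0.255 any
"""
# Two deliberately broken variants: NAT exemption missing; map defined but never applied.
NAT_BROKEN = SAMPLE.replace("access-list 105 deny ip host 192.168.19.100 198.51.100.0 0.0.0.15\n", "")
UNAPPLIED = SAMPLE.replace(" crypto map CRYPTOMAP\n", "")
```

On a real device, feed the text of `show running-config` to `check_vpn_config(text, "CRYPTOMAP")`. An empty list means these three pieces agree and the cause of a Phase 1 that never starts lies elsewhere; the checker says nothing about the peer address, the pre-shared key or whether the protected host ever sends traffic.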