Cisco IOS VPN with NAT

I'm having an issue trying to set up a Cisco 2611 router to be able to accept connections from the Cisco VPN Client. This router is also my edge router, so it does NAT for the rest of my network. I have read several articles and thought that I had all of the commands covered, but when trying to connect to the VPN the connection times out. I've tried several debugging options including debug crypto isakmp, debug crypto ipsec and debug crypto engine, and nothing is generated in the logs. When trying to connect, the connection dies at SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 1.1.1.3. Any help on this would be much appreciated.

Config for the router. All external IPs and passwords have been removed.

Building configuration...

Current configuration : 7498 bytes
!
! Last configuration change at 17:13:04 CDT Thu Mar 13 2008 by user
! NVRAM config last updated at 21:01:50 CDT Wed Mar 12 2008 by user
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname crossbonesEdge
!
boot-start-marker
boot-end-marker
!
enable password XXXXXXX
!
clock timezone CST -6
clock summer-time CDT recurring
aaa new-model
!
aaa authentication login default group radius local
aaa authentication login userauthen group radius
aaa authorization network groupauthor group radius
aaa session-id common
ip subnet-zero
no ip source-route
ip cef
!
no ip domain lookup
!
no ip bootp server
ip inspect name myfirewall cuseeme timeout 3600
ip inspect name myfirewall ftp timeout 3600
ip inspect name myfirewall h323 timeout 3600
ip inspect name myfirewall http timeout 3600
ip inspect name myfirewall rcmd timeout 3600
ip inspect name myfirewall realaudio timeout 3600
ip inspect name myfirewall smtp timeout 3600
ip inspect name myfirewall sqlnet timeout 3600
ip inspect name myfirewall streamworks timeout 3600
ip inspect name myfirewall tcp timeout 3600
ip inspect name myfirewall tftp timeout 30
ip inspect name myfirewall udp timeout 15
ip inspect name myfirewall vdolive timeout 3600
ip audit po max-events 100
vpdn enable
!
vpdn-group 1
 request-dialin
  protocol pppoe
!
username admin privilege 15 password XXXXXX
!
crypto isakmp policy 3
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group VPNUsers
 key CiscoKey
 pool ippool
 acl 108
!
crypto ipsec transform-set myset esp-des esp-md5-hmac
no crypto ipsec nat-transparency udp-encaps
!
crypto dynamic-map dynmap 10
 set transform-set myset
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address initiate
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
interface Ethernet0/0
 description Connection to Internet
 no ip address
 no ip redirects
 no ip unreachables
 full-duplex
 pppoe enable
 pppoe-client dial-pool-number 1
!
interface Ethernet0/1
 description Connection to Crossbones
 ip address 10.1.2.253 255.255.255.0
 no ip redirects
 no ip unreachables
 ip nat inside
 ip tcp adjust-mss 1452
 full-duplex
!
interface Dialer1
 ip address 1.1.1.1 255.255.255.248
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 ip mtu 1492
 ip nat outside
 ip inspect myfirewall in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname snipped-for-privacy@static.sbcglobal.net
 ppp chap password XXXXX
 ppp pap sent-username snipped-for-privacy@static.sbcglobal.net password XXXXX
 crypto map clientmap
!
router eigrp 100
 network 10.1.2.0 0.0.0.255
 network 10.2.3.0 0.0.0.255
 network 192.168.0.0 0.0.255.255
 auto-summary
!
ip local pool ippool 10.2.3.100 10.2.3.200
ip nat pool outsidepool 1.1.1.3 1.1.1.4 netmask 255.255.255.248
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.7.15 21 interface Dialer1 21
ip nat inside source static tcp 192.168.7.15 80 interface Dialer1 80
ip nat inside source static tcp 192.168.7.10 1495 1.1.1.1 1495 extendable
ip nat inside source static tcp 192.168.7.15 3389 1.1.1.1 3389 extendable
ip nat inside source static 192.168.7.18 1.1.1.5
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip radius source-interface Ethernet0/1
logging 192.168.7.16
access-list 1 permit 10.1.2.0 0.0.0.255
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 91 permit 192.168.7.0 0.0.0.255
access-list 91 permit 192.168.5.0 0.0.0.255
access-list 91 permit 192.168.9.0 0.0.0.255
access-list 100 permit tcp any eq 443 any
access-list 100 permit tcp any host 1.1.1.1 eq ftp-data
access-list 100 permit tcp any host 1.1.1.1 eq ftp
access-list 100 permit tcp any eq www any
access-list 100 permit tcp any eq 5062 any
access-list 100 permit tcp any host 1.1.1.1 eq www
access-list 100 permit tcp any host 1.1.1.4 eq www
access-list 100 permit udp host 64.113.32.5 host 1.1.1.1 eq ntp
access-list 100 permit udp 4.0.0.0 99.135.79.57 any
access-list 100 permit udp 4.0.0.2 99.135.79.57 any
access-list 100 permit udp any host176.130 1.1.1.1 any
access-list 100 permit tcp 152.40.176.134 1.1.1.1 any
access-list 100 permit tcp 152.40.176.128 1.1.1.1 any
access-list 100 permit tcp any any eq 3389
access-list 100 permit tcp any any eq 1495
access-list 100 permit icmp any host 1.1.1.1 administratively-prohibited
access-list 100 permit icmp any host 1.1.1.1 echo-reply
access-list 100 permit icmp any host 1.1.1.1 echo
access-list 100 permit icmp any host 1.1.1.1 packet-too-big
access-list 100 permit icmp any host 1.1.1.1 time-exceeded
access-list 100 permit icmp any host 1.1.1.1 traceroute
access-list 100 permit icmp any host 1.1.1.1 unreachable
access-list 100 deny icmp any any redirect
access-list 100 deny tcp any any log
access-list 100 deny udp any any log
access-list 100 deny ip any any log
access-list 108 permit ip 192.168.0.0 0.0.255.255 10.2.3.0 0.0.0.255
access-list 108 permit ip 10.1.2.0 0.0.0.255 10.2.3.0 0.0.0.255
access-list 199 deny ip 10.1.2.0 0.0.0.255 10.2.3.0 0.0.0.255 log
access-list 199 permit ip 10.1.2.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
route-map nonat permit 10
 match ip address 199
!
snmp-server community public RO
radius-server host 192.168.7.12 auth-port 1645 acct-port 1646 key XXXXXX
!
banner motd ^CC
**********************************************************************
WARNING: This system is for the use of authorized clients only. Individuals using the computer network system without authorization, or in excess of their authorization, are subject to having all their activity on this computer network system monitored and recorded by system personnel. To protect the computer network system from unauthorized use and to ensure the computer network systems is functioning properly, system administrators monitor this system. Anyone using this computer network system expressly consents to such monitoring and is advised that if such monitoring reveals possible conduct of criminal activity, system personnel may provide the evidence of such activity to law enforcement officers.
**********************************************************************

**********************************************************************
Access is restricted to authorized users only. Unauthorized access is a violation of state and federal, civil and criminal laws.

**********************************************************************
^C
!
line con 0
 exec-timeout 15 0
 password XXXX
 logging synchronous
 length 22
 history size 30
line aux 0
 exec-timeout 5 0
 length 22
 transport output none
line vty 0 4
 access-class 91 in
 exec-timeout 20 30
 password XXXX
 length 22
 history size 30
!
scheduler allocate 4000 1000
ntp clock-period 17208359
ntp server 71.13.91.122
ntp server 64.113.32.5
!
end
tony.dixson
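A check a practitioner would run against the posted config, added here as an example (not part of the original post or of Cisco's tooling): it parses the interface stanzas and numbered ACLs, and for every interface carrying a crypto map reports whether its inbound ACL admits ISAKMP (UDP 500), NAT-T (UDP 4500) and ESP, and whether NAT-T has been turned off. The embedded excerpt is constructed from the post's own Dialer1 and ACL 100 lines; the inbound interface ACL is evaluated on the still-encrypted packet, so when it lacks these permits the router drops IKE before debug crypto isakmp has anything to show.

```python
import re

# Constructed excerpt of the posted config (same interface, ACL number and crypto-map name).
SAMPLE_CONFIG = """\
interface Dialer1
 ip access-group 100 in
 crypto map clientmap
no crypto ipsec nat-transparency udp-encaps
access-list 100 deny udp any any log
access-list 100 deny ip any any log
"""
# Same excerpt with the three IPsec permits added and NAT-T left at its default.
FIXED_CONFIG = SAMPLE_CONFIG.replace(
    "no crypto ipsec nat-transparency udp-encaps\n",
    "access-list 100 permit udp any host 1.1.1.1 eq isakmp\n"
    "access-list 100 permit udp any host 1.1.1.1 eq non500-isakmp\n"
    "access-list 100 permit esp any host 1.1.1.1\n")

# An inbound ACL on a crypto-map interface sees the still-encrypted packet, so it must admit these.
REQUIRED = {
    "udp 500 (isakmp)": re.compile(r"^permit udp .* eq (isakmp|500)$"),
    "udp 4500 (nat-t)": re.compile(r"^permit udp .* eq (non500-isakmp|4500)$"),
    "esp": re.compile(r"^permit esp "),
}
def parse_interfaces(config):
    ifaces, cur = {}, None  # {interface name: [sub-commands]}
    for line in config.splitlines():
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and cur is not None:
            cur.append(line.strip())
        else:
            cur = None
    return ifaces
def acl_entries(config, number):
    prefix = f"access-list {number} "
    return [l[len(prefix):] for l in config.splitlines() if l.startswith(prefix)]
def check_ipsec_ingress(config):
    # Findings that would drop IKE/ESP before 'debug crypto isakmp' could log anything.
    findings = []
    if "no crypto ipsec nat-transparency udp-encaps" in config.splitlines():
        findings.append("NAT-T disabled: clients behind NAT cannot use UDP 4500")
    for name, cmds in parse_interfaces(config).items():
        if not any(c.startswith("crypto map ") for c in cmds):
            continue  # only interfaces that terminate IPsec matter here
        for acl in (c.split()[2] for c in cmds if c.startswith("ip access-group ") and c.endswith(" in")):
            for label, pat in REQUIRED.items():
                if not any(pat.match(e) for e in acl_entries(config, acl)):
                    findings.append(f"{name}: ACL {acl} in lacks '{label}' permit")
    return findings
```

The check tests only for the presence of each permit; it does not verify that the permits sit above the final deny entries, which still has to be confirmed by eye.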
