creating vpn with sdm

hi This is net WAN --- c2801- some services - pix 506---LAN I try to create vpn remonte access using SDM on C2801 and wizard. Just for me. To establish secure connection I use cisco vpn client and...Connection from Lan network to c2801 (behing pix firewal ) work fine, but from outside (WAN) is refused (reason 412) In the same time over the same link, vpn client ,etc ipsec connection to pix work without any problem. I know some is broken in config ,but can't find. Don't have problems with pix but here I am surprised. part of config generated with sdm and wizard: thanks for help

aaa authorization network sdm_vpn_group_ml_3 local aaa authentication login sdm_vpn_xauth_ml_5 local ip access-list extended moja remark SDM_ACL Category=4 permit ip any PUBLIC log exit ip local pool SDM_POOL_1 crypto ipsec transform-set moja ah-md5-hmac esp-md5-hmac esp-aes 128 mode tunnel exit crypto ipsec transform-set ESP-3DES-SHA esp-sha-hmac esp-3des mode tunnel exit crypto dynamic-map SDM_DYNMAP_1 1 set transform-set ESP-3DES-SHA set security-association lifetime seconds 3600 set security-association lifetime kilobytes 2304000 reverse-route set security-association idle-time 28800 exit crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1 interface FastEthernet0/0 no crypto map crypto map SDM_CMAP_1 exit crypto isakmp policy 2 authentication pre-share encr 3des hash md5 group 2 lifetime 28800 exit crypto isakmp policy 1 authentication pre-share encr 3des hash sha group 2 lifetime 86400 exit crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_3 crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_5 crypto map SDM_CMAP_1 client configuration address respond crypto isakmp client configuration group adminek key 0 ********* pool SDM_POOL_1 acl moja include-local-lan netmask exit

Reply to
Tomek W.
Loading thread data ... Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.