Easy VPN authenticates but can't access network

Below is my configuration. I am able to authenticate with no problem to my Cisco 2691 router, which currently acts as a VPN Server. I can connect to my VPN Server with no problem, but I can't access anything past that. From the router's interface, I can ping everything internally, but from the VPN client, I can't do anything.

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MTALIB-VPNR
!
boot-start-marker
boot system slot0:c2691-advipservicesk9-mz.124-12.bin
boot-end-marker
!
logging buffered 51200 debugging
enable secret 5 $1$/ddf$f7oZ.rV7R6xfC1.wGc5LF/
!
aaa new-model
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
memory-size iomem 15
clock timezone NewYork -5
clock summer-time EDT recurring
ip cef
!
crypto pki trustpoint TP-self-signed-2379620271
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2379620271
 revocation-check none
 rsakeypair TP-self-signed-2379620271
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group LIBIT
 key *blank*
 dns 192.168.221.231 192.168.221.216
 wins 192.168.221.231
 domain libus.org
 pool SDM_POOL_1
 acl 100
 include-local-lan
 max-users 5
 max-logins 3
 netmask 255.255.255.0
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
 set security-association idle-time 2700
 set transform-set ESP-3DES-SHA
 reverse-route
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
interface FastEthernet0/0
 description $ETH-WAN$
 ip address 71.249.160.35 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map SDM_CMAP_1
!
interface Serial0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 description $ETH-LAN$
 ip address 192.168.221.8 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
!
ip local pool SDM_POOL_1 192.168.224.25 192.168.224.35
ip route 0.0.0.0 0.0.0.0 71.249.160.1
ip route 192.168.221.0 255.255.255.0 192.168.221.12
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/0 overload
!
logging trap debugging
access-list 100 remark SDM_ACL Category=4
access-list 100 permit ip 192.168.221.0 0.0.0.255 any
access-list 101 remark SDM_ACL Category=2
access-list 101 deny ip 192.168.221.0 0.0.0.255 host 192.168.224.25
access-list 101 deny ip 192.168.221.0 0.0.0.255 host 192.168.224.26
access-list 101 deny ip 192.168.221.0 0.0.0.255 host 192.168.224.27
access-list 101 deny ip 192.168.221.0 0.0.0.255 host 192.168.224.28
access-list 101 deny ip 192.168.221.0 0.0.0.255 host 192.168.224.29
access-list 101 deny ip 192.168.221.0 0.0.0.255 host 192.168.224.30
access-list 101 deny ip 192.168.221.0 0.0.0.255 host 192.168.224.31
access-list 101 deny ip 192.168.221.0 0.0.0.255 host 192.168.224.32
access-list 101 deny ip 192.168.221.0 0.0.0.255 host 192.168.224.33
access-list 101 deny ip 192.168.221.0 0.0.0.255 host 192.168.224.34
access-list 101 deny ip 192.168.221.0 0.0.0.255 host 192.168.224.35
access-list 101 permit ip 192.168.221.0 0.0.0.255 any
!
route-map SDM_RMAP_1 permit 1
 match ip address 101
!
control-plane
!
line con 0
 transport output all
line aux 0
 transport output all
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input telnet ssh
!
ntp clock-period 17180490
ntp server 192.5.41.40 source FastEthernet0/0 prefer
!
end

Reply to
TCT

The recent thread - combining site to site vpn & vpn client on 837

Contains what I think is a full working config of this (well, a few of the non-essential bits were removed, e.g. logging...)

Maybe it will help?

I did it years ago and I can't remember a thing about it, so I can't make much sense of your config.

Reply to
Bod43

This is not a site-to-site VPN. It's my first VPN server for remote users. I have not yet been able to get past the VPN server.

Reply to
TCT
