Hi everyone...
I recently put a Cisco C837 back into service in place of a dirt-cheap router that I also used to run an IPSec VPN between two sites on ADSL with static IPs.
I can't get the VPN to come up with the Cisco (on the other side there is a 3COM 3031); I'm posting the configuration for any suggestions.
Thanks, everyone
Building configuration...
Current configuration : 3359 bytes
!
version 12.4
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname mangale
!
boot-start-marker
boot-end-marker
!
logging buffered 52000 debugging
enable secret 5 $1$Qiw7$nLEF3k60CuTmwvn0W05aD0
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.3.1 192.168.3.149
ip dhcp excluded-address 192.168.3.201 192.168.3.254
!
ip dhcp pool CLIENT
import all
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy
lease 0 2
!
!
ip cef
ip name-server xxx.xxx.xxx.xxx
ip name-server yyy.yyy.yyy.yyy
no ip ips deny-action ips-interface
!
!
!
username xxx privilege 15 view root password 7 1125160B13000A
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key wwwww address www.www.www.www
crypto isakmp aggressive-mode disable
!
!
crypto ipsec transform-set LAMA ah-md5-hmac esp-3des esp-sha-hmac
!
crypto ipsec profile LAMA
set transform-set LAMA
!
!
crypto dynamic-map ABC_GOLDEN 1
set peer www.www.www.www
set transform-set LAMA
match address 102
!
!
crypto map ABC_GOLDEN 1 ipsec-isakmp
set peer www.www.www.www
set transform-set LAMA
match address 102
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel towww.www.www.www
set peer www.www.www.www
set transform-set LAMA
match address 102
!
!
!
interface Ethernet0
description $ETH-LAN$
ip address 192.168.3.1 255.255.255.0
ip access-group sdm_ethernet0_in in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
hold-queue 100 out
!
interface Ethernet2
no ip address
shutdown
hold-queue 100 out
!
interface ATM0
no ip address
atm vc-per-vp 64
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip address zzz.zzz.zzz.zzz 255.255.254.0
ip nat outside
ip virtual-reassembly
crypto map SDM_CMAP_1
pvc 8/35
protocol ip zzz.zzz.zzz.1 broadcast
encapsulation aal5snap
!
!
interface FastEthernet1
duplex auto
speed auto
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 zzz.zzz.zzz.1
ip http server
no ip http secure-server
!
ip nat inside source route-map SDM_RMAP_1 interface ATM0.1 overload
!
!
ip access-list extended sdm_ethernet0_in
remark SDM_ACL Category=1
permit ip any any
access-list 1 remark INSIDE_IF=Ethernet0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 23 remark SDM_ACL Category=17
access-list 23 permit 192.168.3.0 0.0.0.255
access-list 101 remark SDM_ACL Category=2
access-list 101 deny ip host 192.168.3.0 host 192.168.2.0
access-list 101 permit ip 192.168.3.0 0.0.0.255 any
access-list 102 remark SDM_ACL Category=4
access-list 102 permit ip host 192.168.3.0 host 192.168.2.0
access-list 102 deny ip any any
route-map SDM_RMAP_1 permit 1
match ip address 101
!
!
control-plane
!
!
line con 0
exec-timeout 120 0
no modem enable
stopbits 1
line aux 0
line vty 0 4
access-class 23 in
access-class 23 out
exec-timeout 120 0
login local
length 0
transport input telnet ssh
transport output telnet ssh
!
scheduler max-task-time 5000
end
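Added example, not part of the original post and not Cisco code: a Python first-match evaluation of the posted ACLs 101 and 102, showing what `host 192.168.3.0` matches compared with `192.168.3.0 0.0.0.255`. The packet addresses 192.168.3.150 and 192.168.2.10 are constructed, and the remote LAN being 192.168.2.0/24 is an assumption.

```python
import ipaddress

# ACLs 101 and 102 copied from the configuration posted above.
ACLS = """\
access-list 101 deny ip host 192.168.3.0 host 192.168.2.0
access-list 101 permit ip 192.168.3.0 0.0.0.255 any
access-list 102 permit ip host 192.168.3.0 host 192.168.2.0
access-list 102 deny ip any any
"""

def parse_endpoint(tokens):
    """Consume one address spec; return (network or None for 'any', remaining tokens)."""
    if tokens[0] == "any":
        return None, tokens[1:]
    if tokens[0] == "host":                      # exactly one address
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # "address wildcard": invert the wildcard bits to get a netmask
    # (assumes a contiguous wildcard, as in the posted ACLs)
    mask = ipaddress.ip_address(int(ipaddress.ip_address(tokens[1])) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{tokens[0]}/{mask}"), tokens[2:]

def parse_acl(text, number):
    """Return [(action, src, dst)] for 'access-list <number> <action> ip ...' lines."""
    entries = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 5 or t[:2] != ["access-list", str(number)] or t[3] != "ip":
            continue                             # skips remarks and other ACLs
        src, rest = parse_endpoint(t[4:])
        dst, _ = parse_endpoint(rest)
        entries.append((t[2], src, dst))
    return entries

def acl_action(text, number, src_ip, dst_ip):
    """First-match evaluation, with the implicit deny at the end of every ACL."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, s, d in parse_acl(text, number):
        if (s is None or src in s) and (d is None or dst in d):
            return action
    return "deny"

if __name__ == "__main__":
    # Constructed packet: a LAN client (DHCP range) to an assumed host on the remote LAN.
    for n in (102, 101):
        print(n, acl_action(ACLS, n, "192.168.3.150", "192.168.2.10"))
```

In the posted configuration ACL 102 is the crypto map's `match address` and ACL 101 feeds the NAT route-map SDM_RMAP_1, so a `deny` from 102 means the packet is not selected for IPsec and a `permit` from 101 means it is translated.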
Help with IPSec VPN on Cisco C837