Всем привет! Большое спасибо ruff, но пока решение не нашел...
конфа циски
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname test-vpn-client
!
username test password 0 test
aaa new-model
!
!
aaa authorization network groupauthor local  
!
crypto isakmp client configuration group fw
key 123456
pool ippool
!
crypto isakmp profile VPNclient
   description VPN clients profile
   match identity group fw
   isakmp authorization list groupauthor
   client configuration address respond
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 5
set transform-set myset  
set isakmp-profile VPNclient
!
interface FastEthernet0
description Outside interface
ip address 192.168.1.169 255.255.255.0
no ip mroute-cache
duplex auto
speed auto
crypto map mymap
!  
interface Ethernet0
description Inside interface
ip address 192.168.2.168 255.255.255.0
duplex auto
speed auto
no keepalive
!  
ip local pool ippool 192.168.1.1 192.168.1.167
!
line con 0
exec-timeout 0 0
escape-character 27
line aux 0
line vty 0 4
password 0 test
!
!
end

client при конекте пишет -
Secure VPN Connection terminated locally by the Client.
Reason 401: An unrecognized error occurred while establishing the VPN connection.
Not connected.
а в логах -
  Sev=Warning/2    CVPND/0xE3400003
Function CreateFile failed with an error code of 0x00000002(DRVIFACE:725)

конекчусь с 192.168.1.161
в чем может быть дело???

• Cisco VPN Client - part 2,ruff, 16:38 , 03-Мрт-05

хм... хз... вот мой конфиг
!
crypto isakmp policy 5
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 20
encr 3des
hash md5
authentication pre-share
crypto isakmp key ***** address xxx.xxx.90.50 no-xauth
crypto isakmp key ***** address xxx.xxx.77.138 no-xauth
crypto isakmp key ***** address xxx.xxx.209.197 no-xauth
crypto isakmp key ***** address xxx.xxx.226.1 no-xauth
crypto isakmp key ***** address xxx.xxx.76.10 no-xauth
crypto isakmp keepalive 10 5
!
crypto isakmp client configuration group branches
key dynclientkey
dns 192.168.0.210 192.168.0.100
domain company.com
pool branches_pool
acl ez-split
crypto isakmp profile to_branches
   description VPN L2L to branches
   keyring default
   match identity address xxx.xxx.90.50 255.255.255.255
   match identity address xxx.xxx.77.138 255.255.255.255
   match identity address xxx.xxx.209.197 255.255.255.255
   match identity address xxx.xxx.226.1 255.255.255.255
   match identity address xxx.xxx.76.10 255.255.255.255
crypto isakmp profile dyn_client
   description VPN EZ client
   match identity group branches
   client authentication list EZVPNcli
   isakmp authorization list EZVPNgro
   client configuration address respond
   accounting EZVPNgro
!
!
crypto ipsec transform-set esp3desmd5 esp-3des esp-md5-hmac
crypto ipsec transform-set esp3dessha esp-3des esp-sha-hmac
!
crypto dynamic-map map_dyn 5
set transform-set esp3desmd5 esp3dessha
set isakmp-profile dyn_client
!
!
crypto map map_vpn 10 ipsec-isakmp
set peer xxx.xxx.76.10
set transform-set esp3desmd5
set isakmp-profile to_branches
match address filial1_ll
crypto map map_vpn 11 ipsec-isakmp
set peer xxx.xxx.90.50
set transform-set esp3desmd5
match address filial2_ll
crypto map map_vpn 12 ipsec-isakmp
set peer xxx.xxx.77.138
set transform-set esp3desmd5
set isakmp-profile to_branches
match address filial3_ll
crypto map map_vpn 13 ipsec-isakmp
! Incomplete
set transform-set esp3desmd5
set isakmp-profile to_branches
match address test_vpn
crypto map map_vpn 30 ipsec-isakmp dynamic map_dyn
!
...
!
interface Vlan15
description FastEth 1/15 shell
ip address xxx.xxx.254.193 255.255.255.192 secondary
ip address xxx.xxx.81.50 255.255.255.252 secondary
ip address xxx.xxx.209.198 255.255.255.252
ip flow ingress
no mop enabled
no mop sysid
crypto map map_vpn
!