My config is as follows:

SANDBOX_1751#show run

Building configuration...

Current configuration : 3666 bytes

!

! Last configuration change at 09:59:52 CST Thu May 8 2008

! NVRAM config last updated at 08:24:32 CST Thu May 8 2008 by root

!

version 12.3

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname SANDBOX_1751

!

boot-start-marker

boot system flash:c1700-k9o3sy7-mz.123-13.bin

boot-end-marker

!

!

memory-size iomem 20

clock timezone CST -6

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

aaa new-model

!

!

aaa authentication login userauthenticate local

aaa authentication login sdm_vpn_xauth_ml_1 local

aaa authorization network sdm_vpn_group_ml_1 local

aaa session-id common

ip subnet-zero

!

!

ip domain name XXX.com

ip name-server 64.91.3.46

ip name-server 64.91.3.60

!

ip cef

ip audit po max-events 100

vpdn enable

vpdn ip udp ignore checksum

!

vpdn-group 1

request-dialin

protocol pppoe

!

no ftp-server write-enable

!

!

username XXXX privilege 15 secret xxx

!

!

!

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

crypto isakmp xauth timeout 15

!

crypto isakmp client configuration group group1

key XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

dns 1.1.1.3 1.1.1.1

wins 1.1.1.200

domain XXX.com

pool SDM_POOL_1

acl 100

!

!

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

!

crypto dynamic-map SDM_DYNMAP_1 1

set transform-set ESP-3DES-SHA

reverse-route

!

!

crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1

crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1

crypto map SDM_CMAP_1 client configuration address respond

crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1

!

!

!

interface Ethernet0/0

description iburst

no ip address

ip nat outside

ip tcp adjust-mss 1452

full-duplex

pppoe enable

pppoe-client dial-pool-number 1

no cdp enable

!

interface FastEthernet0/0

description Lan

ip address 1.1.1.3 255.255.255.0

ip nat inside

speed auto

full-duplex

!

interface Dialer1

ip address negotiated

ip mtu 1492

ip nat outside

encapsulation ppp

ip route-cache flow

ip tcp adjust-mss 1452

no ip mroute-cache

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap pap callin

ppp chap password 7 03145A1815

ppp pap sent-username XXXXXXX password xxx

crypto map SDM_CMAP_1

!

ip local pool SDM_POOL_1 1.1.1.150 1.1.1.159

ip nat inside source static tcp 1.1.1.XX 410XX interface Dialer1 410XX

ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

no ip http server

ip http port XXXXXX

ip http secure-server

!

!

access-list 100 remark SDM_ACL Category=4

access-list 100 permit ip 1.1.1.0 0.0.0.255 any

access-list 101 remark SDM_ACL Category=2

access-list 101 deny ip 1.1.1.0 0.0.0.255 host 1.1.1.150

access-list 101 deny ip 1.1.1.0 0.0.0.255 host 1.1.1.151

access-list 101 deny ip 1.1.1.0 0.0.0.255 host 1.1.1.152

access-list 101 deny ip 1.1.1.0 0.0.0.255 host 1.1.1.153

access-list 101 deny ip 1.1.1.0 0.0.0.255 host 1.1.1.154

access-list 101 deny ip 1.1.1.0 0.0.0.255 host 1.1.1.155

access-list 101 deny ip 1.1.1.0 0.0.0.255 host 1.1.1.156

access-list 101 deny ip 1.1.1.0 0.0.0.255 host 1.1.1.157

access-list 101 deny ip 1.1.1.0 0.0.0.255 host 1.1.1.158

access-list 101 deny ip 1.1.1.0 0.0.0.255 host 1.1.1.159

access-list 101 permit ip 1.1.1.0 0.0.0.255 any

dialer-list 1 protocol ip permit

!

!

route-map SDM_RMAP_1 permit 1

match ip address 101

!

!

line con 0

line aux 0

line vty 0 4

privilege level 15

transport input ssh

!

end