I'm wondering if the problem is within these two rules. You allow destination port UDP 500 and source ESP.

rle_internet(config-ext-nacl)# permit udp host 193.205.89.57 host 193.205.80.45 eq 500

rle_internet(config-ext-nacl)# permit esp host 193.205.89.57 host 193.205.80.45

Sorry, my bad, that's not the issue.

hi

this is my entire configuration:

Current configuration : 2435 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec localtime show-timezone

service password-encryption

!

hostname rle_internet

!

boot-start-marker

boot-end-marker

!

logging buffered 16000 informational

enable secret 5 $1$adL3$bZtG3BtWf7gbK0dJsFwUp1

!

no aaa new-model

!

!

dot11 syslog

!

!

ip cef

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

no ip bootp server

no ip domain lookup

!

!

!

username rle password 7 15531900016B222A3C36272C161357070617

!

!

crypto isakmp policy 10

encr aes

hash md5

authentication pre-share

group 2

crypto isakmp key xxxxxx address 193.205.89.57 no-xauth

!

!

crypto ipsec transform-set rle_residence esp-aes esp-md5-hmac

!

crypto map mymap 10 ipsec-isakmp

set peer 41.205.89.57

set transform-set rle_residence

match address rle_residence

!

archive

log config

hidekeys

!

!

!

!

!

interface Loopback0

description main interface loopback

ip address 192.168.5.35 255.255.255.0

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

description WAN

crypto map mymap

ip address 193.205.80.45 255.255.255.224

ip access-group perimeter in

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface Vlan1

description LAN

ip address 192.168.6.1 255.255.255.0

no ip proxy-arp

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 41.205.80.33

ip route 192.168.1.224 255.255.255.224 193.205.89.57

!

no ip http server

no ip http secure-server

ip nat inside source list internet_access interface FastEthernet4 overload

!

ip access-list extended internet_access

permit ip 192.168.6.0 0.0.0.255 any

ip access-list extended rle_residence

permit ip 192.168.6.0 0.0.0.255 192.168.1.224 0.0.0.31

ip access-list extended perimeter

permit udp host 193.205.89.57 host 193.205.80.45 eq 500

permit esp host 193.205.89.57 host 193.205.80.45

permit ip 192.168.1.224 0.0.0.31 192.168.6.0 0.0.0.255

deny ip deny ip 192.168.6. 0.0.0.255 any log

deny ip 127.0.0.0 0.255.255.255 any log

deny ip 10.0.0.0 0.255.255.255 any log

deny ip 0.0.0.0 0.255.255.255 any log

deny ip 192.0.2.0 0.0.0.255 any log

deny ip 169.254.0.0 0.0.255.255 any log

deny ip 224.0.0.0 15.255.255.255 any log

deny ip any host 192.168.6.0 log

deny ip any host 192.168.6.255 any log

permit icmp 192.168.1.224 0.0.0.31 any

deny icmp any any redirect log

deny icmp any any mask-request log

deny tcp any any range 6000 6063 log

deny tcp any any eq 6667 log log

deny tcp any any range 12345 12346 log

deny tcp any any eq 31337 log

deny udp any any eq 2049 log

deny udp any any eq 31337 log

permit udp any eq 53 any gt 1023

deny tcp any range 0 65535 any range 0 65535 log

deny udp any range 0 65535 any range 0 65535 log

deny ip any any

!

logging source-interface Loopback0

logging 192.168.6.90

access-list 20 permit 192.168.6.90

access-list 20 permit 192.168.6.52

access-list 20 permit 192.168.6.53

access-list 20 deny any

access-list 99 permit 192.168.0.2 log

access-list 99 permit 192.168.0.18 log

snmp-server community xyxy RW 20

no cdp run

!

control-plane

!

line con 0

password 7 095E4B0E100A19130709

login local

no modem enable

line aux 0

line vty 0 4

password 7 03165E0C0F002F4D420C

login local

transport input telnet ssh

!

scheduler max-task-time 5000

end

thanks a lot