I have an ASA 5505 that I've configured with 3 site-to-site VPN tunnels (which are working perfectly), as well as a customized Remote Access VPN tunnel which works great with our XP clients that use the traditional Cisco VPN client software. However, I'm trying to move away from that as I begin upgrading users to Windows 7 x64 by converting to the built-in Windows client using L2TP/IPSec. To do this, I've followed the recommended Cisco guide (as well as a half dozen forum posts) and set up the DefaultRAGroup for this purpose.
However, I'm hitting a roadblock in my configuration in that my clients are immediately rejected with an Error 789, and the ASA reports a "QM FSM Error". I've searched and revealed that it's probably a mismatched crypto setting, but I've pored over documentation and can't figure out where I've gone wrong in my configs.
I should note that I'm using IAS for authentication off my Active Directory domain, and testing that from ASDM works great!
My ASA 5505 is running 8.2(1)11 software and ASDM 6.2(3).
I'm attaching the entire config file with passwords scrubbed and outside IPs replaced as 1.2.3.x or 4.5.6.x as appropriate. I would appreciate any feedback on where I'm going wrong.