VPN Won't Connect Without PC Connected!!

russellspage
Level 1

Hello to everyone.

I am not an experienced Cisco Engineer and have been handed several 837/857/877 routers located at remote small sites pointing to a PIX at our HQ.

I inherited the config from a previous company and have left it "as is" by just altering the ISP details and IP address ranges as required; I didn't change the config as it seemed to work.

I reused an 857 which was working fine and altered only the ISP details. The router connects to the internet but fails to automatically bring the VPN up.

If a PC is connected and picks up an IP Address via DHCP the FastEthernet port lights and the VPN comes up a couple of seconds after. If the PC is removed the VPN stays up for a random time then drops. Any help would be greatly appreciated as I am at a loss where to go. The config seems to work at 4 sites but not this one. I have tried an 877 and it displays the same symptoms. Below is the current config with some details xxx out.

Don't be too harsh on me as I am a baby CCNA!!

Current configuration : 4809 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname xxxxxxx
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable password 7 08114D5D1A0E0A05165A
!
aaa new-model
!
!
!
aaa session-id common
!
resource policy
!

no ip subnet-zero
no ip dhcp use vrf connected
ip dhcp excluded-address 10.230.60.1 10.230.60.49
ip dhcp excluded-address 10.230.60.151 10.230.63.254
!
ip dhcp pool xxxxxxx
   import all
   network 10.230.60.0 255.255.252.0
   domain-name xxxxx.org.uk
   dns-server 10.230.12.2 10.230.12.1
   default-router 10.230.63.254
   lease 8
!
!
ip cef
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip inspect name myfw udp timeout 15
ip tcp synwait-time 10
no ip bootp server
no ip domain lookup
ip domain name xxxxxx.org.uk
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-636675557
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-636675557
revocation-check none
rsakeypair TP-self-signed-636675557
!
!
username xxxxxx privilege 15 password 7 xxxxxxxxxxxxxxxx
username xxxxxxx privilege 15 password 7 xxxxxxxxxxxxxxxxx
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 2
hash md5
authentication pre-share
group 2
crypto isakmp key NSHS4T address xxxxxxxx
!
!
crypto ipsec transform-set xxxxx esp-des esp-md5-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel toxxxxxxxx
set peer xxxxxxxx
set transform-set NSHVPN
match address 100
!
!
!
interface ATM0
no ip address
no ip mroute-cache
atm vc-per-vp 64
no atm ilmi-keepalive
pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
dsl operating-mode auto
!
interface FastEthernet0
hold-queue 100 out
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description xxxxx_Network
ip address 10.230.63.254 255.255.252.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
no ip mroute-cache
hold-queue 100 out
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer remote-name redback
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxx@xxxxx
ppp chap password 7 xxxxxxxxx
ppp pap sent-username xxxx@xxxx password 7 xxxxxxxxxxxxxxxx
ppp ipcp dns request
ppp ipcp wins request
crypto map SDM_CMAP_1
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
!
access-list 23 remark SDM_ACL Category=17
access-list 23 permit 10.230.60.0 0.0.3.255
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 10.230.60.0 0.0.3.255 10.230.0.0 0.0.255.255
access-list 100 permit ip 10.230.60.0 0.0.3.255 10.254.0.0 0.0.255.255
access-list 100 permit ip 10.230.60.0 0.0.3.255 10.39.0.0 0.0.255.255
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 102 remark SDM_ACL Category=18
access-list 102 deny   ip 10.230.60.0 0.0.3.255 10.39.0.0 0.0.255.255
access-list 102 deny   ip 10.230.60.0 0.0.3.255 10.254.0.0 0.0.255.255
access-list 102 remark IPSec Rule
access-list 102 deny   ip 10.230.60.0 0.0.3.255 10.230.0.0 0.0.255.255
access-list 102 permit ip 10.230.60.0 0.0.3.255 any
access-list 102 remark SDM_ACL Category=18
access-list 102 remark IPSec Rule
dialer-list 1 protocol ip permit
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 102
!
!
control-plane
!
banner login ^C
--------------------------------------------------------
Authorized Access Only

Disconnect IMMEDIATELY If You Are Not An Authorized User
--------------------------------------------------------

^C
!
line con 0
logging synchronous
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
access-class 23 in
privilege level 15
transport input telnet ssh
transport output ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
ntp clock-period 17176092
ntp server 64.15.175.5 source Dialer1 prefer
ntp server 10.230.12.2 source ATM0
end
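As an added example (not code from the post or from Cisco), a small Python checker for two configuration mistakes that keep a crypto-map tunnel from carrying traffic: a crypto map that names a transform-set which is never defined, and a NAT route-map ACL that does not deny every flow the crypto ACL (100) permits, so the flow is translated and never matches the tunnel. It runs on a constructed excerpt of the posted config; on that excerpt the only finding is the NSHVPN/xxxxx name mismatch, which may simply be the xxx redaction.

```python
"""Static checks on an IOS crypto-map config; constructed sample modelled on the posted one."""
import re

# Constructed excerpt keeping the posted names, ACL numbers, subnets and xxx redactions.
SAMPLE = """\
crypto ipsec transform-set xxxxx esp-des esp-md5-hmac
crypto map SDM_CMAP_1 1 ipsec-isakmp
 set transform-set NSHVPN
 match address 100
ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
access-list 100 permit ip 10.230.60.0 0.0.3.255 10.230.0.0 0.0.255.255
access-list 100 permit ip 10.230.60.0 0.0.3.255 10.254.0.0 0.0.255.255
access-list 100 permit ip 10.230.60.0 0.0.3.255 10.39.0.0 0.0.255.255
access-list 102 deny   ip 10.230.60.0 0.0.3.255 10.39.0.0 0.0.255.255
access-list 102 deny   ip 10.230.60.0 0.0.3.255 10.254.0.0 0.0.255.255
access-list 102 deny   ip 10.230.60.0 0.0.3.255 10.230.0.0 0.0.255.255
access-list 102 permit ip 10.230.60.0 0.0.3.255 any
route-map SDM_RMAP_1 permit 1
 match ip address 102
"""

def acl_flows(config, acl, action):
    """(src, wc, dst, wc) tuples of 'access-list <acl> <action> ip ...' lines (subnet/wildcard form only)."""
    pat = rf"^access-list {acl}\s+{action}\s+ip\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$"
    flows = set()
    for src, swc, dst, dwc in re.findall(pat, config, re.M):
        if dst == "any":                      # normalise 'any' to 0.0.0.0/255.255.255.255
            dst, dwc = "0.0.0.0", "255.255.255.255"
        flows.add((src, swc, dst, dwc))
    return flows

def check_crypto_map(config):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    # 1. Every transform-set the crypto map names must actually be defined.
    defined = set(re.findall(r"^crypto ipsec transform-set (\S+)", config, re.M))
    for name in re.findall(r"^ *set transform-set (\S+)", config, re.M):
        if name not in defined:
            findings.append(f"undefined transform-set {name}")
    # 2. NAT exemption: the PAT route-map's ACL must deny every flow the crypto ACL permits,
    #    otherwise that flow is translated to the Dialer address and never matches the tunnel.
    exempt = set()
    for rmap in re.findall(r"^ip nat inside source route-map (\S+)", config, re.M):
        blk = re.search(rf"^route-map {rmap} permit \d+\n((?: .*\n)*)", config, re.M)
        for acl in re.findall(r"match ip address (\d+)", blk.group(1) if blk else ""):
            exempt |= acl_flows(config, acl, "deny")
    for acl in re.findall(r"^ *match address (\d+)", config, re.M):
        for flow in sorted(acl_flows(config, acl, "permit") - exempt):
            findings.append(f"crypto ACL {acl}: {' '.join(flow)} not NAT-exempted")
    return findings
```

Paste a real running-config into `check_crypto_map` to run the same two checks on a site that misbehaves; the transform-set names in the post are redacted, so the first finding may be a false alarm there.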

2 Replies

fosterl2
Level 1

The tunnel comes up once some interesting traffic is passed to it.

In order to have tunnels initiated even when there is no user traffic destined for the tunnel, I normally set up an ip sla monitor to send a ping down the tunnel, using a source address that matches the interesting traffic ACL.

conf t
ip sla monitor 1
 type echo protocol ipIcmpEcho <remote-ip-inside-tunnel> source-ipaddr 10.230.63.254
 frequency 120
ip sla monitor schedule 1 life forever start-time now

Try enabling IKE keepalive at both ends. That should help to keep both peers active if no traffic is going through the tunnel; see the link below.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#solution07

For IOS

router(config)#crypto isakmp keepalive 15

For PIX 6.x

pix(config)#isakmp keepalive 15

Jorge Rodriguez