I think that you've missed out the wildcard mask of 0.0.0.0 which tells the router that you are using dynamic addressing for the clients. Try adding an extra 0.0.0.0 to the end of your crypto isakmp key command...
Here's a section from my own...
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key ****** address 0.0.0.0 0.0.0.0
crypto isakmp client configuration address-pool local vpnpool
!
!
crypto ipsec transform-set trans1 esp-des esp-md5-hmac
!
crypto dynamic-map dynmap 10
set transform-set trans1
!
!
crypto map intmap client configuration address initiate
crypto map intmap client configuration address respond
crypto map intmap 10 ipsec-isakmp dynamic dynmap
- Colin -