Thanks for the quick response. Here are the config and ver of my 1720:

---------------------------------------------------------------------------------------------------------

Cisco1720>sh ver

Cisco Internetwork Operating System Software

IOS (tm) C1700 Software (C1700-K9O3SY7-M), Version 12.2(8)T1, RELEASE SOFTWARE (fc2)

TAC Support: http://www.cisco.com/tac

Copyright (c) 1986-2002 by cisco Systems, Inc.

Compiled Sat 30-Mar-02 14:18 by ccai

Image text-base: 0x80008108, data-base: 0x80D2C08C

ROM: System Bootstrap, Version 12.0(3)T, RELEASE SOFTWARE (fc1)

Cisco1720 uptime is 1 day, 2 hours, 50 minutes

System returned to ROM by reload

System image file is "flash:c1700-k9o3sy7-mz.122-8.T1.bin"

cisco 1720 (MPC860T) processor (revision 0x601) with 27853K/4915K bytes of memory.

Processor board ID JAD061301QE (2828269743), with hardware revision 0000

MPC860T processor: part number 0, mask 32

Bridging software.

X.25 software, Version 3.0.0.

1 Ethernet/IEEE 802.3 interface(s)

1 FastEthernet/IEEE 802.3 interface(s)

1 Virtual Private Network (VPN) Module(s)

memory.

8192K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

-------------------------------------------------------------------------------------------------------

Cisco1720#sh run

Building configuration...

Current configuration : 4314 bytes

!

version 12.2

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

!

hostname Cisco1720

!

boot system flash c1700-k9o3sy7-mz.122-8.T1.bin

boot system flash

logging buffered 16384 notifications

no logging console

no logging monitor

aaa new-model

!

!

aaa authentication login userauthen local

aaa session-id common

enable secret 5

enable password

!

username

memory-size iomem 20

clock timezone EST -5

clock summer-time EDT recurring

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

!

!

ip name-server xxxxxxxxxxxxx

ip dhcp excluded-address xxxxxxxxxxxxx xxxxxxxxxxxxxx

ip dhcp excluded-address xxxxxxxxxxxxxx xxxxxxxxxxx

!

ip dhcp pool 1

network 192xxxxxxxxxxxxxxxxx

domain-name xxxxxxxx.net

default-router 192.168.100.1

dns-server

!

ip inspect audit-trail

ip inspect max-incomplete low 300

ip inspect max-incomplete high 1000

ip inspect one-minute high 600

ip inspect udp idle-time 7200

ip inspect dns-timeout 7

ip inspect tcp idle-time 7200

ip inspect tcp finwait-time 10

ip inspect tcp synwait-time 35

ip inspect tcp max-incomplete host 50 block-time 1

ip inspect name ed rcmd timeout 15

ip inspect name ed cuseeme timeout 20

ip inspect name ed smtp timeout 120

ip inspect name ed tftp timeout 60

ip inspect name ed realaudio timeout 120

ip inspect name ed streamworks timeout 120

ip inspect name ed tcp timeout 7200

ip inspect name ed udp timeout 7200

ip audit notify log

ip audit po max-events 100

vpdn-group pppoe

!

!

crypto isakmp policy 1

authentication pre-share

lifetime 300

crypto isakmp key mickey address 209.xxxxxxxxxx (for point to point vpn - working fine)

crypto isakmp key mouse address 0.0.0.0 0.0.0.0 (for vpn client - not working so well)

!

crypto isakmp client configuration group vpngroup

!

!

crypto ipsec transform-set cm-transformset-1 esp-des esp-sha-hmac

!

crypto dynamic-map cm-cryptomap 10

set transform-set cm-transformset-1

!

!

crypto map cm-cryptomap 1 ipsec-isakmp

set peer 209.xxxxxxxxx

set transform-set cm-transformset-1

match address 115

!

!

!

!

interface Ethernet0

description connected to Internet

ip address 209.xxxxxxxxxxxxxxx

ip access-group 125 in

ip mtu 1492

ip nat outside

ip inspect destina out

no ip route-cache

no ip mroute-cache

no keepalive

half-duplex

crypto map cm-cryptomap

!

interface FastEthernet0

description connected to EthernetLAN

ip address 192.xxxxxxxxxxxxxxxxxx

ip nat inside

ip tcp adjust-mss 1452

speed auto

!

router rip

version 2

network 192.168.100.0

no auto-summary

!

ip local pool ippool 172.16.1.1 172.16.1.100

ip nat inside source route-map nonat interface Ethernet0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 209.xxxxxxxxx

ip route 151.xxxxxxx 255.255.255.0 209.xxxxxxx

ip route 151.xxxxxxx 255.255.255.252 209.xxxxxxxxxx

no ip http server

ip pim bidir-enable

!

!

logging 192.xxxxxxxxxxxx

access-list 1 permit 192.168.100.0 0.0.0.255

access-list 101 deny ip 192.xxxxxx 0.0.0.255 10.xxxxxxxxxxxxxx

access-list 101 deny ip 192.xxxxxxxx 0.0.0.255 10.xxxxxxxx

access-list 101 permit ip 192.xxxxxx 0.0.0.255 host 209.xxxxxx

access-list 101 permit ip 192.xxxxx 0.0.0.255 host 209.xxxxxx

access-list 101 deny ip 192.xxxxx 0.0.0.255 209.xxxxxx

access-list 101 deny ip 192.xxxxx 0.0.0.255 209.xxxxx

access-list 101 permit ip 192.xxxxx 0.0.0.255 any

access-list 115 permit ip 192.xxxxx 0.0.0.255 10.xxxxx

access-list 115 permit ip 192.xxxxx 0.0.0.255 10.xxxxx

access-list 115 deny ip 192.xxxx 0.0.0.255 host 209.xxxx

access-list 115 deny ip 192.xxxx 0.0.0.255 host 209.xxxx

access-list 115 permit ip 192.xxxx 0.0.0.255 209.xxxx

access-list 115 permit ip 192.xxxx 0.0.0.255 209.xxxxx

access-list 115 deny ip 192.xxxx 0.0.0.255 any

!

route-map nonat permit 10

match ip address 101

!

snmp-server community public RO

!

line con 0

exec-timeout 0 0

password

line aux 0

line vty 0 4

exec-timeout 30 0

password

!

end

---------------------------------------------------------------------------------------------------

It seems to me that this should be easier than it has been in my various attempts but as I am new to configuring VPNs on routers I wonder if you could also check the methodology I am using.

I have included (below)the steps I have taken, in order with cmds:

1) SET ISAKMP POLICY

crypto isakmp policy 2

encryption des

authentication pre-share

hash md5

group 2

lifetime 300

2) SET ISAKMP KEY AND ADDRESS

crypto isakmp key cisco123 address 0.0.0.0

3) SET ISAKMP CLIENT CONFIG

crypto isakmp client configuration address-pool local ippool

4) SET TRANSFER SET

crypto ipsec transform-set dynamic-set-1 esp-des esp-md5-hmac

5) SPECIFY DYNAMIC CRYPTO MAP TEMPLATE

crypto dynamic-map rtpmap 10

set transform-set dynamic-set-1

crypto map dynamic-set-1 99 ipsec-isakmp dynamic rtpmap

ip local pool ippool 172.16.1.1 172.16.1.100

6) MORE CLIENT CONFIG

crytpo map dynamic-set-1 client configuration address initiate

crytpo map dynamic-set-1 client configuration address respond

crytpo map dynamic-set-1 10 ipsec-isakmp dynamic dynmap

crypto isakmp client configuration group vpnpinnacles

7) APPLY CHANGES TO INTERFACE E0

(config)# interface Ethernet 0

(config-if)# crypto map dynamic-set-1

Thank you in advance.

RJ

this link may help lead you in the right direction

http://www.cisco.com/en/US/tech/tk648/tk367/technologies_configuration_example09186a00800ef7ba.shtml