Hi everyone,

I came back with this matter because the split-tunnel is needed, so I checked a debug and at this point starts to go down:

Oct 19 21:12:45 [IKEv1]: Group = VPN_IPHONE, Username = Usuario10, IP = 190.48.243.117, Security negotiation complete for User (Usuario10)  Responder, Inbound SPI = 0xd7e29b06, Outbound SPI = 0x07713d8c
Oct 19 21:12:45 [IKEv1 DEBUG]: Group = VPN_IPHONE, Username = Usuario10, IP = 190.48.243.117, IKE got a KEY_ADD msg for SA: SPI = 0x07713d8c
Oct 19 21:12:45 [IKEv1 DEBUG]: Group = VPN_IPHONE, Username = Usuario10, IP = 190.48.243.117, Pitcher: received KEY_UPDATE, spi 0xd7e29b06
Oct 19 21:12:45 [IKEv1 DEBUG]: Group = VPN_IPHONE, Username = Usuario10, IP = 190.48.243.117, Failed to update IPSec SA. Tearing down SA.
Oct 19 21:12:45 [IKEv1]: Group = VPN_IPHONE, Username = Usuario10, IP = 190.48.243.117, QM FSM error (P2 struct &0x6fa71fd0, mess id 0x21631287)!
Oct 19 21:12:45 [IKEv1 DEBUG]: Group = VPN_IPHONE, Username = Usuario10, IP = 190.48.243.117, IKE QM Responder FSM error history (struct &0x6fa71fd0)  , :  QM_DONE, EV_ERROR-->QM_WAIT_MSG3, EV_IPSEC_FAIL-->QM_WAIT_MSG3, NullEvent-->QM_WAIT_MSG3, EV_LOAD_IPSEC-->QM_WAIT_MSG3, EV_PROC_MSG-->QM_WAIT_MSG3, EV_HASH_OK-->QM_WAIT_MSG3, NullEvent-->QM_WAIT_MSG3, EV_COMP_HASH
Oct 19 21:12:45 [IKEv1 DEBUG]: Group = VPN_IPHONE, Username = Usuario10, IP = 190.48.243.117, sending delete/delete with reason message
Oct 19 21:12:45 [IKEv1 DEBUG]: Group = VPN_IPHONE, Username = Usuario10, IP = 190.48.243.117, constructing blank hash payload
Oct 19 21:12:45 [IKEv1 DEBUG]: Group = VPN_IPHONE, Username = Usuario10, IP = 190.48.243.117, constructing IPSec delete payload
Oct 19 21:12:45 [IKEv1 DEBUG]: Group = VPN_IPHONE, Username = Usuario10, IP = 190.48.243.117, constructing qm hash payload
Oct 19 21:12:45 [IKEv1]: IP = 190.48.243.117, IKE_DECODE SENDING Message (msgid=ad050387) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 68
Oct 19 21:12:45 [IKEv1 DEBUG]: Group = VPN_IPHONE, Username = Usuario10, IP = 190.48.243.117, IKE Deleting SA: Remote Proxy 192.168.20.23, Local Proxy 192.168.0.0
Oct 19 21:12:45 [IKEv1]: Group = VPN_IPHONE, Username = Usuario10, IP = 190.48.243.117, Removing peer from correlator table failed, no match!
Oct 19 21:12:45 [IKEv1 DEBUG]: Group = VPN_IPHONE, Username = Usuario10, IP = 190.48.243.117, IKE SA AM:a6b75ef4 rcv'd Terminate: state AM_ACTIVE  flags 0x0841c041, refcnt 1, tuncnt 0
Oct 19 21:12:45 [IKEv1 DEBUG]: Group = VPN_IPHONE, Username = Usuario10, IP = 190.48.243.117, IKE SA AM:a6b75ef4 terminating:  flags 0x0941c001, refcnt 0, tuncnt 0
Oct 19 21:12:45 [IKEv1 DEBUG]: Group = VPN_IPHONE, Username = Usuario10, IP = 190.48.243.117, sending delete/delete with reason message
Oct 19 21:12:45 [IKEv1 DEBUG]: Group = VPN_IPHONE, Username = Usuario10, IP = 190.48.243.117, constructing blank hash payload
Oct 19 21:12:45 [IKEv1 DEBUG]: Group = VPN_IPHONE, Username = Usuario10, IP = 190.48.243.117, constructing IKE delete payload
Oct 19 21:12:45 [IKEv1 DEBUG]: Group = VPN_IPHONE, Username = Usuario10, IP = 190.48.243.117, constructing qm hash payload
Oct 19 21:12:45 [IKEv1]: IP = 190.48.243.117, IKE_DECODE SENDING Message (msgid=bb090f3d) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Oct 19 21:12:45 [IKEv1]: Group = VPN_IPHONE, Username = Usuario10, IP = 190.48.243.117, Session is being torn down. Reason: Unknown
Oct 19 21:12:45 [IKEv1]: Ignoring msg to mark SA with dsID 643072 dead because SA deleted

And this is VPN config

crypto ipsec transform-set VPNRA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map DYNMAP 65535 match address remotevpn
crypto dynamic-map DYNMAP 65535 set transform-set VPNRA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map VPNMAP 10 ipsec-isakmp dynamic DYNMAP
crypto map VPNMAP 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map VPNMAP interface GC
crypto map VPNMAP interface TASA
crypto map TASA2_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map TASA2_map interface TASA2
crypto map management_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map management_map interface management
crypto isakmp enable TASA
crypto isakmp enable management
crypto isakmp enable TASA2
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
!
group-policy DfltGrpPolicy attributes
group-policy TESTVPNPolicy internal
group-policy TESTVPNPolicy attributes
 dns-server value 100.0.3.13 100.0.3.14
 vpn-simultaneous-logins 20
 vpn-tunnel-protocol IPSec webvpn
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPN-RA-TESTVPN
 default-domain value TESTVPN.com.ar
 address-pools value vpnpool
 client-firewall none
tunnel-group DefaultRAGroup general-attributes
 authentication-server-group CiscoVPN-SG
tunnel-group TESTVPN type remote-access
tunnel-group TESTVPN general-attributes
 address-pool vpnpool
 authentication-server-group CiscoVPN-SG LOCAL
 default-group-policy TESTVPNPolicy
tunnel-group TESTVPN ipsec-attributes
 pre-shared-key *
!

It's driving me crazy...