Cisco 892 - Can't vpn to another 892, can't vpn to an outside server while connected to this router

gc.lundgren
Level 1

I'm at the end of my rope here, I've been thrust into a job I'm not prepared for. Someone please point me in the right direction. Here's the error I'm getting when I try to connect to the outside VPN. The Cisco-to-Cisco VPN produces a similar error.

014949: *Jan 29 22:03:52.101 PCTime: %FW-6-DROP_PKT: Dropping tcp session 192.168.201.58:51288 192.168.1.253:8192 on zone-pair ccp-zp-in-out class ccp-insp-traffic due to  Invalid Segment with ip ident 0

Here's my config:

Current configuration : 9694 bytes
!
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname cisco1
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 4096
logging console critical
enable secret 5 (possible password redacted)
!
no aaa new-model
!
!
!
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-1375678663
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1375678663
revocation-check none
rsakeypair TP-self-signed-1375678663
!
!
crypto pki certificate chain TP-self-signed-1375678663
certificate self-signed 01
  (encryption key redacted)
      quit
no ip source-route
!
!
!
!
ip cef
no ip bootp server
no ip domain lookup
ip domain name (company url redacted)
ip inspect log drop-pkt
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO892-K9 sn FHK144776L9
!
!
username administrator privilege 15 secret 5 (possible password redacted)
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map type inspect match-any ccp-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-any ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
class-map type inspect match-all VPN_Traffic
match access-group 177
class-map type inspect match-any port_forwarding
match access-group name port_forwarding
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-any ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-any vpn
match access-group 103
class-map type inspect match-all ccp-protocol-http
match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
  inspect
class class-default
  pass
policy-map type inspect vpn_permit
class type inspect port_forwarding
  inspect
class type inspect vpn
  pass
class type inspect ccp-insp-traffic
  pass
class class-default
  drop
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
  drop log
class type inspect VPN_Traffic
  pass
class type inspect ccp-protocol-http
  inspect
class type inspect ccp-insp-traffic
  inspect
class class-default
  drop
policy-map type inspect ccp-permit
class type inspect ccp-icmp-access
  inspect
class class-default
  pass
!
zone security out-zone
zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
zone-pair security ccp-zp-out-in source out-zone destination in-zone
service-policy type inspect vpn_permit
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key I81u812ok address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA
!
!
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
!
!
interface BRI0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
encapsulation hdlc
shutdown
isdn termination multidrop
!
!
interface FastEthernet0
!
!
interface FastEthernet1
!
!
interface FastEthernet2
!
!
interface FastEthernet3
!
!
interface FastEthernet4
!
!
interface FastEthernet5
!
!
interface FastEthernet6
!
!
interface FastEthernet7
!
!
interface FastEthernet8
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
!
!
interface GigabitEthernet0
description $FW_OUTSIDE$$ES_WAN$
ip address (wan ip redacted) 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
zone-member security out-zone
duplex auto
speed auto
crypto map SDM_CMAP_1
!
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$$ES_LAN$$FW_INSIDE$
ip address 192.168.201.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip tcp adjust-mss 1452
!
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source static tcp 192.168.201.235 25 interface GigabitEthernet0 25
ip nat inside source static tcp 192.168.201.235 80 interface GigabitEthernet0 80
ip nat inside source static tcp 192.168.201.235 3101 interface GigabitEthernet0 3101
ip nat inside source static tcp 192.168.201.235 443 interface GigabitEthernet0 443
ip nat inside source static tcp 192.168.201.235 8095 interface GigabitEthernet0 8095
ip nat inside source static tcp 192.168.201.236 3389 interface GigabitEthernet0 3389
ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0
!
ip access-list extended port_forwarding
permit tcp any host 192.168.201.235 eq smtp
permit tcp any host 192.168.201.235 eq www
permit tcp any host 192.168.201.235 eq 3101
permit tcp any host 192.168.201.235 eq 443
permit tcp any host 192.168.201.235 eq 8095
permit tcp any host 192.168.201.236 eq 3389
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.201.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip (wan ip redacted) 0.0.0.7 any
access-list 101 remark CCP_ACL Category=4
access-list 101 remark IPSec Rule
access-list 101 permit ip 192.168.201.0 0.0.0.255 192.168.195.0 0.0.0.255
access-list 102 remark CCP_ACL Category=2
access-list 102 remark IPSec Rule
access-list 102 deny   ip 192.168.201.0 0.0.0.255 192.168.195.0 0.0.0.255
access-list 102 permit ip 192.168.201.0 0.0.0.255 any
access-list 103 permit ip 192.168.195.0 0.0.0.255 192.168.201.0 0.0.0.255
access-list 177 permit ip 192.168.201.0 0.0.0.255 192.168.195.0 0.0.0.255
no cdp run

!
!
!
!
route-map SDM_RMAP_1 permit 1
match ip address 102
!
!
!
control-plane
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

2 Replies

Hi George,

I'm no expert in ZFW... but let me give it a try...

To connect via VPN to an outside server (from behind the 892), traffic flow from VLAN1 to Gig0

This means traffic is inspected by a policy ccp-inspect

That policy states that VPN traffic should pass, but the VPN traffic is defined as follows:

class-map type inspect match-all VPN_Traffic
match access-group 177

access-list 177 permit ip 192.168.201.0 0.0.0.255 192.168.195.0 0.0.0.255

So, the error that you're seeing is:

014949: *Jan 29 22:03:52.101 PCTime: %FW-6-DROP_PKT: Dropping tcp session 192.168.201.58:51288 192.168.1.253:8192 on zone-pair ccp-zp-in-out class ccp-insp-traffic due to  Invalid Segment with ip ident 0

The problem that I see is that the source is 192.168.201.58 (which is fine VLAN1), but 192.168.1.253 is not part of the VPN traffic class (ACL 177 above).

The packets are being denied by the inspection due to this zone-pair rules:

zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect

I am thinking that if you include the remote 192.168.1.253 (or network) in the VPN class, it should work... but please don't trust me as I'm really no expert in ZBF (you might want to give it a try while an experienced one jumps in) :-)

Federico.
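As an added example (not part of the thread and not Cisco code), the script below re-derives the reply's analysis mechanically: it parses the numbered ACLs from the posted config, walks the classes of `policy-map type inspect ccp-inspect` in their posted order, and reports which class the flow from the `%FW-6-DROP_PKT` line lands in. It then repeats the classification with ACL 177 widened to the 192.168.1.0/24 side, which is the hypothetical change the reply suggests. Assumptions: `match protocol http` is approximated as TCP/80 (NBAR is not modelled), the ACL 100 line whose WAN address was redacted is omitted, and the widened ACL line and the function names are mine.

```python
"""Classify the logged flow against the posted ZBF policy (added example)."""
import ipaddress
import re

# ACL lines copied from the posted config (the redacted ACL 100 line is omitted).
POSTED_ACLS = """
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 177 permit ip 192.168.201.0 0.0.0.255 192.168.195.0 0.0.0.255
"""

# Copy of the drop line from the question (constructed input for this script).
DROP_LOG = ("014949: *Jan 29 22:03:52.101 PCTime: %FW-6-DROP_PKT: Dropping tcp session "
            "192.168.201.58:51288 192.168.1.253:8192 on zone-pair ccp-zp-in-out "
            "class ccp-insp-traffic due to  Invalid Segment with ip ident 0")

# Class order of policy-map ccp-inspect as posted; first matching class wins.
CCP_INSPECT = [
    ("ccp-invalid-src",   "acl",   100,    "drop log"),
    ("VPN_Traffic",       "acl",   177,    "pass"),
    ("ccp-protocol-http", "proto", "http", "inspect"),   # assumption: http == tcp/80
    ("ccp-insp-traffic",  "proto", "tcp",  "inspect"),   # match-any incl. tcp/udp/icmp
    ("class-default",     "any",   None,   "drop"),
]

# Hypothetical edit from the reply: also treat 192.168.201/24 -> 192.168.1/24 as VPN traffic.
WIDENED_ACLS = POSTED_ACLS + "access-list 177 permit ip 192.168.201.0 0.0.0.255 192.168.1.0 0.0.0.255\n"


def _parse_spec(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D wildcard'; return (net, wildcard, rest)."""
    if tokens[0] == "any":
        return 0, 0xFFFFFFFF, tokens[1:]
    if tokens[0] == "host":
        return int(ipaddress.IPv4Address(tokens[1])), 0, tokens[2:]
    return (int(ipaddress.IPv4Address(tokens[0])),
            int(ipaddress.IPv4Address(tokens[1])), tokens[2:])


def parse_acls(text):
    """Return {acl_number: [(action, src_net, src_wc, dst_net, dst_wc), ...]} for 'ip' ACEs."""
    acls = {}
    for line in text.strip().splitlines():
        t = line.split()
        if len(t) < 4 or t[0] != "access-list" or t[2] == "remark":
            continue
        if t[3] != "ip":
            raise ValueError(f"unsupported ACL form: {line}")
        src_net, src_wc, rest = _parse_spec(t[4:])
        dst_net, dst_wc, _ = _parse_spec(rest)
        acls.setdefault(int(t[1]), []).append((t[2], src_net, src_wc, dst_net, dst_wc))
    return acls


def _wc_match(addr, net, wc):
    """IOS wildcard semantics: bits set in the wildcard are don't-care."""
    return ((addr ^ net) & ~wc & 0xFFFFFFFF) == 0


def acl_permits(acl, src, dst):
    """Evaluate an ACL top-down with the implicit deny at the end."""
    s, d = int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))
    for action, sn, sw, dn, dw in acl:
        if _wc_match(s, sn, sw) and _wc_match(d, dn, dw):
            return action == "permit"
    return False


def classify(acls, proto, src, dst, dport, policy=CCP_INSPECT):
    """Walk the policy's classes in order; return (class_name, action)."""
    for name, kind, arg, action in policy:
        if kind == "acl" and acl_permits(acls.get(arg, []), src, dst):
            return name, action
        if kind == "proto" and (arg == proto or (arg == "http" and proto == "tcp" and dport == 80)):
            return name, action
        if kind == "any":
            return name, action
    raise AssertionError("policy has no class-default")


_DROP_RE = re.compile(r"%FW-6-DROP_PKT: Dropping (\w+) session (\S+):(\d+) (\S+):(\d+) "
                      r"on zone-pair (\S+) class (\S+) due to\s+(.+)$")


def parse_drop_log(line):
    """Pull protocol, endpoints, zone-pair, class and reason out of a %FW-6-DROP_PKT line."""
    m = _DROP_RE.search(line)
    if not m:
        raise ValueError("not a %FW-6-DROP_PKT line")
    proto, src, _sport, dst, dport, zp, cls, reason = m.groups()
    return {"proto": proto, "src": src, "dst": dst, "dport": int(dport),
            "zone_pair": zp, "class": cls, "reason": reason.strip()}


def check_log_against_policy(acl_text=POSTED_ACLS, log=DROP_LOG):
    """Return (class named in the log, class the policy selects, that class's action)."""
    ev = parse_drop_log(log)
    name, action = classify(parse_acls(acl_text), ev["proto"], ev["src"], ev["dst"], ev["dport"])
    return ev["class"], name, action


if __name__ == "__main__":
    print(check_log_against_policy())              # as posted: lands in ccp-insp-traffic, inspect
    print(check_log_against_policy(WIDENED_ACLS))  # with ACL 177 widened: VPN_Traffic, pass
```

With the ACLs as posted the script agrees with the log: the 192.168.201.58 to 192.168.1.253 flow misses ACL 177 on the destination octet, so it falls through to `ccp-insp-traffic` and is inspected, and the "Invalid Segment" verdict is the inspection engine's TCP sanity check on that session. Widening ACL 177 moves the flow into `VPN_Traffic`, whose action is `pass`, which skips inspection entirely; the script only shows that the class changes, not that bypassing inspection is the right fix. One further observation from the posted config, independent of the ZBF question: the outside interface carries only a dynamic crypto map (`SDM_DYNMAP_1`) keyed by a pre-shared key bound to `0.0.0.0 0.0.0.0`, so this router can answer IKE from any peer that knows the key but cannot initiate a tunnel itself; a site-to-site tunnel that this 892 has to bring up needs a static crypto map entry with `set peer` and a `match address` ACL.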

Thanks, I'll give it a try tomorrow.