Check out our sample configurations on Cisco.com's TAC web site (http://www.cisco.com/tac) at:

http://www.cisco.com/cgi-bin/Support/PSP/psp_view.pl?p=Internetworking:IPSec

TRY DISABLING THE HEADER AUTHENTICATION.. I DO THIS

FOR USE WITH A NAT POOL AND IT WORKS WHEN CONNECTING

OUT CAUSE I USE A NAT POOL HERE.. AT THE REMOTE SIDE

(A VPN CONCENTRATOR) I HAVE THE TECH THERE REMOVE

HEADER AUTHENTICATION. IT WILL MEAN PEOPLE CAN SEE

THAT WE ARE TALKING BUT CANT SEE WHAT WE ARE SAYING.

VARIOUS PEOPLE IN THE COMMUNITY HAVE SAID ITS NOT A

REAL BIG SECURITY PROBLEM.. IT JUST IS THE ONLY WAY

I KNOW OF TO GET AROUND NAT (OTHER THAN DOING 1TO1

NAT WHICH I CAN DO WITH DHCP SERVICES)