I am attempting to setup remote VPN access for clients but have been unable to connect remotely using Cisco VPN client.  Here is the current configuration on the router.  I think I'm almost there and may be missing a couple commands.  Thank you for looking.

Current configuration : 4758 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname FCC-1811-Router

!

boot-start-marker

boot-end-marker

!

enable secret 5 XXXX

!

aaa new-model

!

aaa authentication login vpnauthen local

aaa authorization network vpnauthor local

!

aaa session-id common

!

ip cef

no ip dhcp use vrf connected

ip dhcp excluded-address 10.35.5.1 10.35.5.49

ip dhcp excluded-address 10.35.5.100 10.35.5.254

ip dhcp excluded-address 10.35.10.1 10.35.10.9

!

ip dhcp pool FCC-Admin

   import all

   network 10.35.5.0 255.255.255.0

   default-router 10.35.5.1

!

ip dhcp pool FCC-Guest

   import all

   network 10.35.10.0 255.255.255.0

   default-router 10.35.10.1

!

ip domain name faithcountrychapel.net

ip inspect name FW tcp router-traffic

ip inspect name FW udp router-traffic

ip inspect name FW icmp router-traffic

ip inspect name FW dns

ip inspect name FW ftp

ip inspect name FW tftp

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

!

voice-card 0

no dspfarm

!

username XXXX privilege 15 secret 5 XXXX

username XXXX privilege 15 secret 5 XXXX

username XXXX privilege 15 secret 5 XXXX

!

crypto isakmp policy 10

encr 3des

authentication pre-share

group 2

!

crypto isakmp client configuration group FCCVPN

key XXXX

pool vpnpool

!

crypto ipsec transform-set vpnset esp-3des esp-md5-hmac

!

crypto dynamic-map dynmap 10

set transform-set vpnset

!

crypto map vpnmap client authentication list vpnauthen

crypto map vpnmap isakmp authorization list vpnauthor

crypto map vpnmap client configuration address respond

crypto map vpnmap 10 ipsec-isakmp dynamic dynmap

!

interface Loopback0

ip address 172.16.1.1 255.255.255.240

!

interface FastEthernet0/0

ip address dhcp

ip access-group INBOUND in

ip nat outside

ip inspect FW out

no ip virtual-reassembly

duplex auto

speed auto

no cdp enable

crypto map vpnmap

!

interface FastEthernet0/1

no ip address

duplex auto

speed auto

no cdp enable

!

interface FastEthernet0/1.1

encapsulation dot1Q 1 native

ip address 10.35.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface FastEthernet0/1.5

encapsulation dot1Q 5

ip address 10.35.5.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface FastEthernet0/1.10

encapsulation dot1Q 10

ip address 10.35.10.1 255.255.255.0

ip access-group 100 in

ip nat inside

ip virtual-reassembly

!

ip local pool vpnpool 10.35.5.200 10.35.5.254

no ip forward-protocol nd

ip http server

no ip http secure-server

ip nat inside source list NAT interface FastEthernet0/0 overload

!

ip access-list extended INBOUND

permit icmp any any echo-reply

permit icmp any any unreachable

permit icmp any any time-exceeded

permit tcp any any eq 22

permit tcp any any established

permit udp any eq domain any

permit udp any eq bootps any eq bootpc

ip access-list extended NAT

permit ip 10.35.5.0 0.0.0.255 any

permit ip 10.35.10.0 0.0.0.255 any

!

access-list 100 permit udp any eq bootpc host 255.255.255.255 eq bootps

access-list 100 permit udp host 0.0.0.0 eq bootpc host 10.35.5.1 eq bootps

access-list 100 permit udp 10.35.10.0 0.0.0.255 eq bootpc host 10.35.5.1 eq bootps

access-list 100 deny   tcp 10.35.10.0 0.0.0.255 any eq telnet

access-list 100 deny   ip 10.35.10.0 0.0.0.255 10.35.5.0 0.0.0.255

access-list 100 deny   ip 10.35.10.0 0.0.0.255 10.35.1.0 0.0.0.255

access-list 100 permit ip any any

!

control-plane

!

line con 0

password 7 XXXX

line aux 0

line vty 0 4

transport input telnet ssh

line vty 5 15

transport input telnet ssh

!

scheduler allocate 20000 1000

!

end