Site-to-Site VPN btw Pix535 and Router 2811, can't get it work

Hi, every one,  I spent couple of days trying to make  a site-to-site VPN between PIX535 and router 2811 work but come up empty handed, I followed instructions here:
http://www.cisco.com/en/US/products/ps9422/products_configuration_example09186a0080b4ae61.shtml
#1: PIX config:
: Saved
: Written by enable_15 at 18:05:33.678 EDT Sat Oct 20 2012
PIX Version 8.0(4)
hostname pix535
interface GigabitEthernet0
description to-cable-modem
nameif outside
security-level 0
ip address X.X.138.132 255.255.255.0
ospf cost 10
interface GigabitEthernet1
description inside  10/16
nameif inside
security-level 100
ip address 10.1.1.254 255.255.0.0
ospf cost 10
access-list outside_access_in extended permit ip any any
access-list inside_nat0_outbound extended permit ip 10.1.0.0 255.255.0.0 10.20.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip any 10.1.1.192 255.255.255.248
access-list outside_cryptomap_dyn_60 extended permit ip any 10.1.1.192 255.255.255.248
access-list outside_1_cryptomap extended permit ip 10.1.0.0 255.255.0.0 10.20.0.0 255.255.0.0
pager lines 24
ip local pool cnf-8-ip 10.1.1.192-10.1.1.199 mask 255.255.0.0
global (outside) 10 interface
global (outside) 15 1.2.4.5
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 15 10.1.0.0 255.255.0.0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 X.X.138.1 1
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-MD5
crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 20 set security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA
crypto dynamic-map outside_dyn_map 40 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 40 set security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 60 match address outside_cryptomap_dyn_60
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-MD5 ESP-3DES-SHA ESP-DES-MD5 ESP-DES-SHA
crypto dynamic-map outside_dyn_map 60 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 60 set security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer X.X.21.29
crypto map outside_map 1 set transform-set ESP-DES-SHA
crypto map outside_map 1 set security-association lifetime seconds 28800
crypto map outside_map 1 set security-association lifetime kilobytes 4608000
crypto map outside_map 65534 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp identity hostname
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption des
hash sha
group 1
lifetime 86400
crypto isakmp policy 20
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp nat-traversal 3600
group-policy GroupPolicy1 internal
group-policy cnf-vpn-cls internal
group-policy cnf-vpn-cls attributes
wins-server value 10.1.1.7
dns-server value 10.1.1.7 10.1.1.205
vpn-tunnel-protocol IPSec l2tp-ipsec
default-domain value x.com
username sean password U/h5bFVjXlIDx8BtqPFrQw== nt-encrypted
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key secret1
radius-sdi-xauth
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
tunnel-group cnf-vpn-cls type remote-access
tunnel-group cnf-vpn-cls general-attributes
address-pool cnf-8-ip
default-group-policy cnf-vpn-cls
tunnel-group cnf-vpn-cls ipsec-attributes
pre-shared-key secret2
isakmp ikev1-user-authentication none
tunnel-group cnf-vpn-cls ppp-attributes
authentication ms-chap-v2
tunnel-group X.X.21.29 type ipsec-l2l
tunnel-group X.X.21.29 ipsec-attributes
pre-shared-key SECRET
class-map inspection_default
match default-inspection-traffic
service-policy global_policy global
prompt hostname context
Cryptochecksum:9780edb09bc7debe147db1e7d52ec39c
: end
#2:  Router 2811 config:
! Last configuration change at 09:15:32 PST Fri Oct 19 2012 by cnfla
! NVRAM config last updated at 13:45:03 PST Tue Oct 16 2012
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname LA-2800
crypto pki trustpoint TP-self-signed-1411740556
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1411740556
revocation-check none
rsakeypair TP-self-signed-1411740556
crypto pki certificate chain TP-self-signed-1411740556
certificate self-signed 01
  3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31343131 37343035 3536301E 170D3132 31303136 32303435
  30335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 34313137
  34303535 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100F75F F1BDAD9B DE9381FD 165B5188 7EAF9685 CF15A317 1B424825 9C66AA28
  C990B2D3 D69A2F0F D745DB0E 2BB4995D 73415AC4 F01B2019 84373199 C4BCF9E0
  E599B86C 17DBDCE6 47EBE0E3 8DBC90B2 9B4E217A 87F04BF7 A182501E 24381019
  A61D2C05 5404DE88 DA2A1ADC A81B7F65 C318B697 7ED69DF1 2769E4C8 F3449B33
  35AF0203 010001A3 67306530 0F060355 1D130101 FF040530 030101FF 30120603
  551D1104 0B300982 074C412D 32383030 301F0603 551D2304 18301680 14B56EEB
  88054CCA BB8CF8E8 F44BFE2C B77954E1 52301D06 03551D0E 04160414 B56EEB88
  054CCABB 8CF8E8F4 4BFE2CB7 7954E152 300D0609 2A864886 F70D0101 04050003
  81810056 58755C56 331294F8 BEC4FEBC 54879FF5 0FCC73D4 B964BA7A 07D20452
  E7F40F42 8B355015 77156C9F AAA45F9F 59CDD27F 89FE7560 F08D953B FC19FD2D
  310DA96E A5F3E83B 52D515F8 7B4C99CF 4CECC3F7 1A0D4909 BD08C373 50BB53CC
  659C4246 2CB7B79F 43D94D96 586F9103 9B4659B6 5C8DDE4F 7CC5FC68 C4AD197A 4EC322
            quit
crypto isakmp policy 1
authentication pre-share
crypto isakmp key SECRET address X.X.138.132 no-xauth
crypto ipsec transform-set la-2800-trans-set esp-des esp-sha-hmac
crypto map la-2800-ipsec-policy 1 ipsec-isakmp
description vpn ipsec policy
set peer X.X.138.132
set transform-set la-2800-trans-set
match address 101
interface FastEthernet0/0
description WAN Side
ip address X.X.216.29 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
no mop enabled
crypto map la-2800-ipsec-policy
interface FastEthernet0/1
description LAN Side
ip address 10.20.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex full
speed auto
no mop enabled
ip nat inside source route-map nonat interface FastEthernet0/0 overload
access-list 10 permit X.X.138.132
access-list 99 permit 64.236.96.53
access-list 99 permit 98.82.1.202
access-list 101 remark vpn tunnerl acl
access-list 101 remark SDM_ACL Category=4
access-list 101 remark tunnel policy
access-list 101 permit ip 10.20.0.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 deny   ip 10.20.0.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 permit ip 10.20.0.0 0.0.0.255 any
snmp-server community public RO
route-map nonat permit 10
match ip address 110
webvpn gateway gateway_1
ip address X.X.216.29 port 443
ssl trustpoint TP-self-signed-1411740556
inservice
webvpn install svc flash:/webvpn/svc.pkg
webvpn context gateway-1
title "b"
secondary-color white
title-color #CCCC66
text-color black
ssl authenticate verify all
policy group policy_1
   functions svc-enabled
   svc address-pool "WebVPN-Pool"
   svc keep-client-installed
   svc split include 10.20.0.0 255.255.0.0
default-group-policy policy_1
gateway gateway_1
inservice
end
#3:  Test from Pix to router:
Active SA:    1
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1
1   IKE Peer: X.X.21.29
    Type    : user            Role    : initiator
    Rekey   : no              State   : MM_WAIT_MSG2
>>DEBUG:
Oct 22 12:07:14 pix535:Oct 22 12:20:28 EDT: %PIX-vpn-3-713902: IP = X.X.21.29, Removing peer from peer table failed, no match!
Oct 22 12:07:14 pix535 :Oct 22 12:20:28 EDT: %PIX-vpn-4-713903: IP = X.X.21.29, Error: Unable to remove PeerTblEntry
#4:  test from router to pix:
LA-2800#sh  crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id slot status
X.X.138.132  X.X.216.29  MM_KEY_EXCH       1017    0 ACTIVE
>>debug
LA-2800#ping 10.1.1.7 source 10.20.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.7, timeout is 2 seconds:
Packet sent with a source address of 10.20.1.1
Oct 22 16:24:33.945: ISAKMP:(0): SA request profile is (NULL)
Oct 22 16:24:33.945: ISAKMP: Created a peer struct for X.X.138.132, peer port 500
Oct 22 16:24:33.945: ISAKMP: New peer created peer = 0x488B25C8 peer_handle = 0x80000013
Oct 22 16:24:33.945: ISAKMP: Locking peer struct 0x488B25C8, refcount 1 for isakmp_initiator
Oct 22 16:24:33.945: ISAKMP: local port 500, remote port 500
Oct 22 16:24:33.945: ISAKMP: set new node 0 to QM_IDLE     
Oct 22 16:24:33.945: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 487720A0
Oct 22 16:24:33.945: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
Oct 22 16:24:33.945: ISAKMP:(0):found peer pre-shared key matching 70.169.138.132
Oct 22 16:24:33.945: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID
Oct 22 16:24:33.945: ISAKMP:(0): constructed NAT-T vendor-07 ID
Oct 22 16:24:33.945: ISAKMP:(0): constructed NAT-T vendor-03 ID
Oct 22 16:24:33.945: ISAKMP:(0): constructed NAT-T vendor-02 ID
Oct 22 16:24:33.945: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
Oct 22 16:24:33.945: ISAKMP:(0):Old State = IKE_READY  New State = IKE_I_MM1
Oct 22 16:24:33.945: ISAKMP:(0): beginning Main Mode exchange
Oct 22 16:24:33.945: ISAKMP:(0): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_NO_STATE
Oct 22 16:24:33.945: ISAKMP:(0):Sending an IKE IPv4 Packet.
Oct 22 16:24:34.049: ISAKMP (0:0): received packet from X.X.138.132 dport 500 sport 500 Global (I) MM_NO_STATE
Oct 22 16:24:34.049: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Oct 22 16:24:34.049: ISAKMP:(0):Old State = IKE_I_MM1  New State = IKE_I_MM2
Oct 22 16:24:34.049: ISAKMP:(0): processing SA payload. message ID = 0
Oct 22 16:24:34.049: ISAKMP:(0): processing vendor id payload
Oct 22 16:24:34.049: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
Oct 22 16:24:34.049: ISAKMP:(0): vendor ID is NAT-T v2
Oct 22 16:24:34.049: ISAKMP:(0): processing vendor id payload
Oct 22 16:24:34.049: ISAKMP:(0): vendor ID seems Unity/DPD but major 194 mismatch
Oct 22 16:24:34.053: ISAKMP:(0):found peer pre-shared key matching 70.169.138.132
Oct 22 16:24:34.053: ISAKMP:(0): local preshared key found
Oct 22 16:24:34.053: ISAKMP : Scanning profiles for xauth ...
Oct 22 16:24:34.053: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy
Oct 22 16:24:34.053: ISAKMP:      encryption DES-CBC
Oct 22 16:24:34.053: ISAKMP:      hash SHA
Oct 22 16:24:34.053: ISAKMP:      default group 1
Oct 22 16:24:34.053: ISAKMP:      auth pre-share
Oct 22 16:24:34.053: ISAKMP:      life type in seconds
Oct 22 16:24:34.053: ISAKMP:      life duration (VPI) of  0x0 0x1 0x51 0x80
Oct 22 16:24:34.053: ISAKMP:(0):atts are acceptable. Next payload is 0
Oct 22 16:24:34.053: ISAKMP:(0):Acceptable atts:actual life: 0
Oct 22 16:24:34.053: ISAKMP:(0):Acceptable atts:life: 0
Oct 22 16:24:34.053: ISAKMP:(0):Fill atts in sa vpi_length:4
Oct 22 16:24:34.053: ISAKMP:(0):Fill atts in sa life_in_seconds:86400
Oct 22 16:24:34.053: ISAKMP:(0):Returning Actual lifetime: 86400
Oct 22 16:24:34.053: ISAKMP:(0)::Started lifetime timer: 86400.
Oct 22 16:24:34.053: ISAKMP:(0): processing vendor id payload
Oct 22 16:24:34.053: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
Oct 22 16:24:34.053: ISAKMP:(0): vendor ID is NAT-T v2
Oct 22 16:24:34.053: ISAKMP:(0): processing vendor id payload
Oct 22 16:24:34.053: ISAKMP:(0): vendor ID seems Unity/DPD but major 194 mismatch
Oct 22 16:24:34.053: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Oct 22 16:24:34.053: ISAKMP:(0):Old State = IKE_I_MM2  New State = IKE_I_MM2
Oct 22 16:24:34.057: ISAKMP:(0): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_SA_SETUP
Oct 22 16:24:34.057: ISAKMP:(0):Sending an IKE IPv4 Packet.
Oct 22 16:24:34.057: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Oct 22 16:24:34.057: ISAKMP:(0):Old State = IKE_I_MM2  New State = IKE_I_MM3
Oct 22 16:24:34.181: ISAKMP (0:0): received packet from X.X.138.132 dport 500 sport 500 Global (I) MM_SA_SETUP
Oct 22 16:24:34.181: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Oct 22 16:24:34.181: ISAKMP:(0):Old State = IKE_I_MM3  New State = IKE_I_MM4
Oct 22 16:24:34.181: ISAKMP:(0): processing KE payload. message ID = 0
Oct 22 16:24:34.217: ISAKMP:(0): processing NONCE payload. message ID = 0
Oct 22 16:24:34.217: ISAKMP:(0):found peer pre-shared key matching X.X.138.132
Oct 22 16:24:34.217: ISAKMP:(1018): processing vendor id payload
Oct 22 16:24:34.217: ISAKMP:(1018): vendor ID is Unity
Oct 22 16:24:34.217: ISAKMP:(1018): processing vendor id payload
Oct 22 16:24:34.217: ISAKMP:(1018): vendor ID seems Unity/DPD but major 55 mismatch
Oct 22 16:24:34.217: ISAKMP:(1018): vendor ID is XAUTH
Oct 22 16:24:34.217: ISAKMP:(1018): processing vendor id payload
Oct 22 16:24:34.217: ISAKMP:(1018): speaking to another IOS box!
Oct 22 16:24:34.221: ISAKMP:(1018): processing vendor id payload
Oct 22 16:24:34.221: ISAKMP:(1018):vendor ID seems Unity/DPD but hash mismatch
Oct 22 16:24:34.221: ISAKMP:received payload type 20
Oct 22 16:24:34.221: ISAKMP:received payload type 20
Oct 22 16:24:34.221: ISAKMP:(1018):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Oct 22 16:24:34.221: ISAKMP:(1018):Old State = IKE_I_MM4  New State = IKE_I_MM4
Oct 22 16:24:34.221: ISAKMP:(1018):Send initial contact
Oct 22 16:24:34.221: ISAKMP:(1018):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
Oct 22 16:24:34.221: ISAKMP (0:1018): ID payload
next-payload : 8
type         : 1
address      : X.X.216.29
protocol     : 17
port         : 500
length       : 12
Oct 22 16:24:34.221: ISAKMP:(1018):Total payload length: 12
Oct 22 16:24:34.221: ISAKMP:(1018): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Oct 22 16:24:34.221: ISAKMP:(1018):Sending an IKE IPv4 Packet.
Oct 22 16:24:34.225: ISAKMP:(1018):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Oct 22 16:24:34.225: ISAKMP:(1018):Old State = IKE_I_MM4  New State = IKE_I_MM5
Oct 22 16:24:38.849: ISAKMP:(1017):purging node 198554740
Oct 22 16:24:38.849: ISAKMP:(1017):purging node 812380002
Oct 22 16:24:38.849: ISAKMP:(1017):purging node 773209335..
Success rate is 0 percent (0/5)
LA-2800#
Oct 22 16:24:44.221: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH...
Oct 22 16:24:44.221: ISAKMP (0:1018): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
Oct 22 16:24:44.221: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH
Oct 22 16:24:44.221: ISAKMP:(1018): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Oct 22 16:24:44.221: ISAKMP:(1018):Sending an IKE IPv4 Packet.
Oct 22 16:24:44.317: ISAKMP (0:1018): received packet from X.X.138.132 dport 500 sport 500 Global (I) MM_KEY_EXCH
Oct 22 16:24:44.317: ISAKMP:(1018): phase 1 packet is a duplicate of a previous packet.
Oct 22 16:24:44.321: ISAKMP:(1018): retransmission skipped for phase 1 (time since last transmission 96)
Oct 22 16:24:48.849: ISAKMP:(1017):purging SA., sa=469BAD60, delme=469BAD60
Oct 22 16:24:52.313: ISAKMP (0:1018): received packet from X.X.138.132 dport 500 sport 500 Global (I) MM_KEY_EXCH
Oct 22 16:24:52.313: ISAKMP:(1018): phase 1 packet is a duplicate of a previous packet.
Oct 22 16:24:52.313: ISAKMP:(1018): retransmitting due to retransmit phase 1
Oct 22 16:24:52.813: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH...
Oct 22 16:24:52.813: ISAKMP (0:1018): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1
Oct 22 16:24:52.813: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH
Oct 22 16:24:52.813: ISAKMP:(1018): sending packet to X.X138.132 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Oct 22 16:24:52.813: ISAKMP:(1018):Sending an IKE IPv4 Packet.
Oct 22 16:24:52.913: ISAKMP:(1018): phase 1 packet is a duplicate of a previous packet.
Oct 22 16:24:52.913: ISAKMP:(1018): retransmission skipped for phase 1 (time since last transmission 100)
Oct 22 16:25:00.905: ISAKMP (0:1018): received packet from X.X.138.132 dport 500 sport 500 Global (I) MM_KEY_EXCH
Oct 22 16:25:00.905: ISAKMP: set new node 422447177 to QM_IDLE     
Oct 22 16:25:03.941: ISAKMP:(1018):SA is still budding. Attached new ipsec request to it. (local 1X.X.216.29, remote X.X.138.132)
Oct 22 16:25:03.941: ISAKMP: Error while processing SA request: Failed to initialize SA
Oct 22 16:25:03.941: ISAKMP: Error while processing KMI message 0, error 2.
Oct 22 16:25:12.814: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH...
Oct 22 16:25:12.814: ISAKMP (0:1018): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1
Oct 22 16:25:12.814: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH
Oct 22 16:25:12.814: ISAKMP:(1018): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Oct 22 16:25:12.814: ISAKMP:(1018):Sending an IKE IPv4 Packet.
Oct 22 16:25:22.814: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH...
Oct 22 16:25:22.814: ISAKMP (0:1018): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1
Oct 22 16:25:22.814: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH
Oct 22 16:25:22.814: ISAKMP:(1018): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Oct 22 16:25:22.814: ISAKMP:(1018):Sending an IKE IPv4 Packet.
Oct 22 16:25:32.814: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH...
Oct 22 16:25:32.814: ISAKMP:(1018):peer does not do paranoid keepalives.
Oct 22 16:25:32.814: ISAKMP:(1018):deleting SA reason "Death by retransmission P1" state (I) MM_KEY_EXCH (peer 70.169.138.132)
Oct 22 16:25:32.814: ISAKMP:(1018):deleting SA reason "Death by retransmission P1" state (I) MM_KEY_EXCH (peer 70.169.138.132)
Oct 22 16:25:32.814: ISAKMP: Unlocking peer struct 0x488B25C8 for isadb_mark_sa_deleted(), count 0
Oct 22 16:25:32.814: ISAKMP: Deleting peer node by peer_reap for X.X.138.132: 488B25C8
Oct 22 16:25:32.814: ISAKMP:(1018):deleting node 1112432180 error FALSE reason "IKE deleted"
Oct 22 16:25:32.814: ISAKMP:(1018):deleting node 422447177 error FALSE reason "IKE deleted"
Oct 22 16:25:32.814: ISAKMP:(1018):deleting node -278980615 error FALSE reason "IKE deleted"
Oct 22 16:25:32.814: ISAKMP:(1018):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Oct 22 16:25:32.814: ISAKMP:(1018):Old State = IKE_I_MM5  New State = IKE_DEST_SA
Oct 22 16:26:22.816: ISAKMP:(1018):purging node 1112432180
Oct 22 16:26:22.816: ISAKMP:(1018):purging node 422447177
Oct 22 16:26:22.816: ISAKMP:(1018):purging node -278980615
Oct 22 16:26:32.816: ISAKMP:(1018):purging SA., sa=487720A0, delme=487720A0
****** The PIX is also used    VPN client access  , such as  Cicso VPN client  5.0, working fine ; Router is  used as  SSL VPN server, working too
I know there are lots of data here, hopefully these data may be useful for   diagnosis purpose.
Any suggestions and advices are greatly appreciated.
Sean

Hi Sean,
Current configuration:
On the PIX:
crypto isakmp policy 5
      authentication pre-share
      encryption 3des
      hash sha
      group 2
      lifetime 86400
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer X.X.21.29
crypto map outside_map 1 set transform-set ESP-DES-SHA
crypto map outside_map 1 set security-association lifetime seconds 28800
crypto map outside_map 1 set security-association lifetime kilobytes 4608000
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
access-list outside_1_cryptomap extended permit ip 10.1.0.0 255.255.0.0 10.20.0.0 255.255.0.0
tunnel-group X.X.21.29 type ipsec-l2l
tunnel-group X.X.21.29 ipsec-attributes
     pre-shared-key SECRET
On the Router:
crypto isakmp policy 1
      authentication pre-share
crypto map la-2800-ipsec-policy 1 ipsec-isakmp
      description vpn ipsec policy    
      set peer X.X.138.132
      set transform-set la-2800-trans-set
      match address 101
access-list 101 permit ip 10.20.0.0 0.0.0.255 10.1.0.0 0.0.255.255
crypto ipsec transform-set la-2800-trans-set esp-des esp-sha-hmac
crypto isakmp key SECRET address X.X.138.132 no-xauth
Portu.
Please rate any helpful posts
Message was edited by: Javier Portuguez

Similar Messages

  • TS3899 I upgraded my iphone 4 to ios 6 and now I can't get my work e-mail anymore.  I've tried deleting the account and re-adding, per other forum suggestions, and still no luck.  Also, there is no longer an "Advanced" section to enter information.

    Help!  I upgraded my iphone 4 to ios 6 and now one of my two emai accounts - my work account - no longer receives/sends emails.  I checked my e-mail settings and they were correct.  I then deleted the account and tried to re-add it, per discussions in other forums, and it won't verify the account.  In addi tion, there was previously an Advanced section in the e-mail account setting, and now there isn't - don't know if that is part of the probem and the phone needs additional information that it's not asking for anymore . . . I'm beyond frustated.  Many hours of lost productivity.  Any suggestions?  Can I got back to the previous version?  I was thinking of buying new phone in next few months, but if this is resolved I'm leaving Apple. 

    Purplehiddledog wrote:
    I do backup with iCloud.  I can't wait until the new iMac is available so that I can once again have my files in more than 1 location without needing to rely solely on the cloud. 
    I also rely on iTunes and my MacBook and Time Machine as well as backing up to iCloud. I know many users know have gone totally PC free, but I chose to use iCloud merely as my third backup.
    I assume that the restore would result in my ability to open Pages and Numbers and fix the problem with deleting apps, but this would also mean that if my Numbers documents still exist solely within the app and are just not on iCloud for some reason that they would be gone forever.  Is that right?
    In a word, yes. In a little more detail.... When you restore from an iCloud backup, you must erase the device and start all over again. There is no other way to access the backup in iCloud without erasing the device. Consequently, you are starting all over again. Therefore, it would also be my assumption that Pages and Numbers will work again and that the deleting apps issues would be fixed as well.
    If the documents are not in the backup, and you do not have a backup elsewhere, the documents could be gone forever.

  • I have IMac 10.7.5 Lion I use I forgot the password and I did a few fixes from the we sites, which did not work and now I can not get the computer to reboot the gray screen comes on and if a shift c I get a load bar and it goes half way and help

    I have IMac 10.7.5 Lion I use I forgot the password and I did a few fixes from web sites, which did not work and now I can not get the computer to reboot the gray screen comes on with the apple and if a shift+c, I get a load bar and it goes half way and stops, I can get into the black screen area with the hard drive info
    I did the following:   mount -uw /    rm/var/db/.AppleSetupDone    shutdown/uses/us  reboot Ok I know I should not have, but now I need help to reboot and hopefully not lose everything on the desk top, Linda Markle

    You did the wrong things. In the future it's a good idea to remember not to do something when you don't know what you are doing and what happens when you do it.
    Forgot Your Account Password
    For Lion, Mountain Lion, or Mavericks
        Boot to the Recovery HD:
    Restart the computer and after the chime press and hold down the COMMAND and R keys until the menu screen appears. Alternatively, restart the computer and after the chime press and hold down the OPTION key until the boot manager screen appears. Select the Recovery HD and click on the downward pointing arrow button.
         When the menubar appears select Terminal from the Utilities menu.
         Enter resetpassword at the prompt and press RETURN. Follow
         instructions in the dialog window that will appear.
         Or see:
           Reset a Mac OS X 10.7 Lion Password
           OS X Mountain Lion- Reset a login password,
           OS X Mavericks- Solve password problems,
           OS X Lion- Apple ID can be used to reset your user account password.

  • HT1338 My kid down loaded mackeeper and now I can not get rid of it.  I have tried all techniques suggesting on several sites and still can not empty the trash can.  keep getting error code -8003.  Help.

    My kid down loaded mackeeper and now I can not get rid of it.  I have tried all techniques suggesting on several sites and still can not empty the trash can.  keep getting error code -8003.  Help.

    http://reviews.cnet.com/8301-13727_7-20020873-263.html
    This should help you empty what's currently in the trash, but is no guarantee you got everything related to MacKiller off the drive. See Ogelthorpe's link.

  • A site "radiobar" has taken over my homepage. How can I get rid of it?

    A site "radiobar" has taken over my Homepage . How can I get rid of it?
    == URL of affected sites ==
    http://

    Use the instructions at [[How to set the home page]].
    If the problem persists after that, you probably have an add-on that is adjusting it. See [[Uninstalling add-ons]]

  • New Netgear Router and now I can't get a wireless connection for my K5400 printer.

    I got a new Netgear Router and now I can't get a wireless connection on my Officejet Pro K5400 printer. Anyone know what I can do to fix this. Using Windows XP

    On the printer: Setup > Network > Restore Defaults.  From the same Network menu, run the Wireless Setup Wizard.
    Say thanks by clicking "Kudos" "thumbs up" in the post that helped you.
    I am employed by HP

  • PIX515 version 7.0 and router 2811 ver 12.3r8 not able to receive emails from gmail files larger than 2M

    PIX515 version 7.0 and router 2811 ver 12.3r8 not able to receive emails from gmail files larger than 2M

    MatejLach wrote:
    clamd is running, user and group clamav all have the relevant permissions as far as I can tell, however upon scanning my mail, I always end up with the following error:
    Scanning error:
    /home/username/.claws-mail/mimetmp/0000000e.mimetmp: lstat() failed: Permission denied. ERROR
    Seems like a permissions error to me... maybe check the actual file it is attempting to scan... I know it is in your home folder, but just to be sure, you might want to check that everything is sane.

  • HT6114 I did update and now I can't get on laptop? Just keeps rebooting saying there is a problem.

    I did update and now I can't get on laptop? Just keeps rebooting saying there is a problem.

    Beginning with Firefox 4, Macs must have an Intel x86 processor ('''''yours is a PPC Mac''''') '''''<u>and</u>''''' OSX 10.5 or higher ('''''which you do not have''''').
    *System Requirements: [https://www.mozilla.org/en-US/firefox/4.0/system-requirements/index.html Firefox 4] [https://www.mozilla.org/en-US/firefox/5.0/system-requirements/index.html Firefox 5] [https://www.mozilla.org/en-US/firefox/6.0/system-requirements/index.html Firefox 6] [https://www.mozilla.org/en-US/firefox/7.0/system-requirements/index.html Firefox 7] [https://www.mozilla.org/en-US/firefox/8.0/system-requirements/index.html Firefox 8] [https://www.mozilla.org/en-US/firefox/9.0/system-requirements/index.html Firefox 9]
    '''''The good news''''' is that Firefox 3.6.x still supports OSX 10.4 and Macs with the PPC Mac architecture. '''''The bad news''''' is that support for the Firefox 3.6.x series is likely to end in the first quarter of 2012.
    *System requirements: [https://www.mozilla.org/en-US/firefox/3.6/system-requirements/index.html Firefox 3.6.x]
    *Download Firefox 3.6.x: https://www.mozilla.org/en-US/firefox/all-older.html
    *Also see --> http://support.mozilla.com/en-US/kb/Installing+Firefox+on+Mac
    You can try the third-party product '''''TenFourFox''''' that supports PPC Macs with OSX 10.4.11 and OSX 10.5.8. Firefox 9 version of '''''TenFourFox''''' is available. The product is based on Firefox released versions. All support is provided by the developer, not by this site:
    *Home page: http://www.floodgap.com/software/tenfourfox/
    *Developer's blog: http://tenfourfox.blogspot.com/
    *'''''VERY IMPORTANT'''''; '''read this carefully''': https://code.google.com/p/tenfourfox/wiki/ReleaseNotes90
    *'''''VERY IMPORTANT'''''; '''read this carefully''': https://code.google.com/p/tenfourfox/wiki/PluginsNoLongerSupported
    '''If this reply solves your problem, please click "Solved It" next to this reply when <u>signed-in</u> to the forum.'''

  • Mail server crashed and burned.  Can't get it restored

    I setup a DynDns server 2 years ago and then setup postfix to have my own mail server. I will admit that all this took me over a month as I'm not an IT guru. Many kind people helped through some forums.
    Recently I had a complete server melt down. Server and both raid drives gone!
    I'm replaced all the hardware and I'm tring to start again. I took what I thought were good notes just in case I ever had to start again but I can't get this working.
    i have reestablished my DnyDns account and can get my web page to show from out side my network.
    I'm using a road runner cable modem, with a linksys router. I have postfix enabler but I don't think it's working correctly.
    I have tried telnet commands through terminal but the results are not consistent.
    The end result is that I can't receive any mail. I can send mail.
    Can anybody help me find a good web page with strong istructions or can anybody offer an help?
    As I said, this isn't my strongest talent. I would appreciate any help.
    Thank you,

    Never answered or replied to . Figured it out on my own

  • I downloaded the latest upgrade and I still can't get my wireless to connect.  I have restored factory settings.

    I loaded the 8.1.1 upgrade to my iPad 2 and I still can't get the wireless in my home or elsewhere to connect.  I have reset factory settings to no avail.  It doesn't even recognize the network in my house.  Using my Verizon data as the sole source for now, which costs $$$.  The machine has not worked well since 8.0 upgrade.  Any thoughts?

    Try the following:
    1. Turn router off for 30 seconds and on again
    2. Settings>General>Reset>Reset Network Settings
    3. Reset iPad; hold the Sleep and Home button down until you see the Apple Logo

  • I can sink my music and pictures, but can not get my contacts to sync.  any ideas?

    i can sync my music and photos, but can't get my contacts to sync?  anybody
    know how to do this?  thanks,

    Have you Enable the Media Sharing on your Router setup page? To enable media sharing on your Router login to the router setup page and click on the Storage tab and below click on the sub tab "Media Sharing" and click on "Specify the Folder" and then add the video folder and click on save settings..
    Once done now you can try to scan for video folder on your PS3 and check.

  • HT1430 I CANT GET my IPad to connect to my WiFi and now I can't get it to go back so I can connect through iTunes- any ideas??

    cannot get iPad to connect to WiFi because I can't find the password-and now i can't get the iPad to reset to be able to connect through iTunes--help

    cannot get iPad to connect to WiFi because I can't find the password-and now i can't get the iPad to reset to be able to connect through iTunes--help

  • I charged my phone and now I can't get it to turn on again. What do I do? I can't find a solution here. All I get are error messages.

    I charged my phone and now I can't get it to turn on again. What do I do? I can't find a solution here. All I get are error messages.

    Try pulling the battery for 10 minutes and putting it back in.  Try pressing and holding the power button for a while 15-30 seconds to see if it will respond.  Did anything happen to it, drop, submersion, etc. Was it functioning before you charged, When did it last work. Are you sure it charged up and the charger is working.

  • I just read the tutorial and did exactly what it was telling me to do, and I still can't get it done. Once I have selected the file, I get a box that pops up that says "Subscribe now to convert unlimited number of files to PDFs. Subscribe Now.  I already

    I just watched the tutorial and did exactly what it was telling me to do, and I still can't get it done. Once I have selected the file, I get a box that pops up that says "Subscribe now to convert unlimited number of files to PDFs. Subscribe Now.  I already have done this! I am a subscriber!  Arrrrhhhgggg!

    Hello Kathie,
    Please let me know what exactly are you trying to do using Adobe online service.
    You might try accessing the same service for some other PDFs and check.
    Have you signed up correctly at "https://cloud.acrobat.com/" using your Adobe ID credentials.
    If the same message pops up, then please visit Contact Customer Care as they could let you know if there is any problem with your account.
    Hope to get your response.
    regards,
    Anubha

  • I am trying to download a book on my ipad. It says I need to install itunes. I have itunes already. I frequently get a message to re-install itunes. I do, but I still get the message, and I still can't get the book on my ipad.

    I am trying to download a book on my ipad. It says I need to install itunes. I have itunes already. I frequently get a message to re-install itunes. I do, but I still get the message, and I still can't get the book on my ipad.

    you can download a new installer and serial number from Adobe at Adobe - CS2 Downloads

Maybe you are looking for

  • Open file in a new Firefox tab

    Hi, I'm using a script to view html files from TextWrangler in Firefox: tell application "TextWrangler" to set theFile to file of document 1 tell application "TextWrangler" to save theFile tell application "Finder" to open theFile using (path to appl

  • Atv not showing in itunes on windows 7

    After the latest update today, 11.1.1.11, my Apple TV (3) is not showing anymore in iTunes. Unable to send anymore anything to Apple TV from my itunes. Sharing is enabled, ATV connect to the network and working stand-alone (playing content) but not f

  • Opinion of Areca ARC-1110 RAID Controller?

    I'm planning on adding a RAID set to my computer.  I'm looking for a good RAID card in the $200-300ish range.  What is the opinion of this card?  I've been reading that Areca is an excellent product, but I wasn't sure if there were any strong opinion

  • Using YTD in BEx

    Hi, Fairly new to BEx. I'm trying to create a query that has the columns of Total and YTD and rows that show the past 3 years. My Total is being pulled directly from my multiprovider--so no issues. My YTD column is a restriction of this Total field,

  • TS1367 My computer starts up but displays a dark screen

    MY computer turns on and you can hear it load up but only displays a black screen.