Cisco 881 pci k9. Добрый вечер. Не получается настроить трафик через VPN туннель. Сразу покажу как настраивал. Конфиг нашел в инете:

aaa new-model
aaa authentication login USER-EVPN local
aaa authorization network GROUP-EVPN local
!
username user password 0 12345678

ip local pool VPN-POOL 192.168.1.1 192.168.1.50

!
crypto isakmp policy 10
authentication pre-share
hash md5
group 2

crypto ipsec transform-set 3DES-MD5 esp-3des esp-md5-hmac

access-list 120 permit ip 192.168.1.0 0.0.0.255 any
crypto isakmp client configuration group EVPN-GROUP
key 12345678
pool VPN-POOL
acl 120

crypto isakmp profile VPN-CLIENT
   match identity group EVPN-GROUP
   client authentication list USER-EVPN
   isakmp authorization list GROUP-EVPN
   client configuration address respond

crypto dynamic-map DYNMAP 10
set transform-set 3DES-MD5
set isakmp-profile VPN-CLIENT
reverse-route

crypto map DMAP 1 ipsec-isakmp dynamic DYNMAP

int FA4
crypto map DMAP

route rip
redistribute static

access-list 170 permit esp any any
access-list 170 permit udp any any eq isakmp
access-list 170 permit udp any any eq non500-isakmp
---------------------------------------------------------

После ввода команд. Запускаю из дома cisco vpn client. Ввожу логин EVPN-GROUP и пароль. Далее логиню пользователя. Соединение происходит. В сетевых подключениях появляется vpn подключение с заданными настройками в маршрутизаторе. Но пинг не в офис не из офиса не происходит. Статистика на vpn клиенте encrypted и decrypted показывает 0. На маршрутизаторе:
sh cry sess detail
Interface: FastEthernet4
Username: EVPN
Profile: VPN-CLIENT
Group: EVPN-GROUP
Assigned address: 192.168.1.1
Uptime: 00:33:58
Session status: UP-ACTIVE
Peer: 109.72.*.*(дом.ip) port 51603 fvrf: (none) ivrf: (none)
      Phase1_id: EVPN-GROUP
      Desc: (none)
  IKEv1 SA: local 84.47.*.*/4500 remote 109.72.*.*/51603 Active
          Capabilities:CXN connid:2014 lifetime:23:25:54
  IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 host 192.168.1.1
        Active SAs: 2, origin: dynamic crypto map
        Inbound:  #pkts dec'ed 0 drop 0 life (KB/Sec) 4388316/1561
        Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 4388316/1561
---------------------------------------------
sh cryp engi connect active
Crypto Engine Connections

   ID  Type    Algorithm           Encrypt  Decrypt LastSeqN IP-Address
    9  IPsec   3DES+MD5                  0        0        0 84.47.*.*
   10  IPsec   3DES+MD5                  0        0        0 84.47.*.*
2001  IKE     MD5+DES                   0        0        0 84.47.*.*
2002  IKE     MD5+DES                   0        0        0 84.47.*.*
2003  IKE     MD5+DES                   0        0        0 84.47.*.*
2004  IKE     MD5+DES                   0        0        0 84.47.*.*
2005  IKE     MD5+DES                   0        0        0 84.47.*.*
2007  IKE     MD5+DES                   0        0        0 84.47.*.*
2011  IKE     MD5+DES                   0        0        0 84.47.*.*
2014  IKE     MD5+DES                   0        0        0 84.47.*.*
-------------------------------------------------------

sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
84.47.*.*    109.72.*.* (дом.ip)   QM_IDLE           2014 ACTIVE VPN-CLIENT
84.47.*.*    109.72.*.*   QM_IDLE           2011 ACTIVE VPN-CLIENT
84.47.*.*    109.72.*.*   QM_IDLE           2007 ACTIVE VPN-CLIENT
--------------------------------------------------------

sh crypto ipsec sa

interface: FastEthernet4
    Crypto map tag: DMAP, local addr 84.47.*.*

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.1.1/255.255.255.255/0/0)
   current_peer 109.72.*.* port 51603
     PERMIT, flags={}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: 84.47.*.*, remote crypto endpt.: 109.72.*.*
     path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet4
     current outbound spi: 0x88F87139(2297983289)
     PFS (Y/N): N, DH group: none

     inbound esp sas:
      spi: 0xF54D33E9(4115477481)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel UDP-Encaps, }
        conn id: 9, flow_id: Onboard VPN:9, sibling_flags 80000046, crypto map: DMAP
        sa timing: remaining key lifetime (k/sec): (4388316/1053)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE
------------------------------------
sh crypto map
Crypto Map IPv4 "DMAP" 1 ipsec-isakmp
        Dynamic map template tag: DYNMAP

Crypto Map IPv4 "DMAP" 65536 ipsec-isakmp
        Peer = 109.72.*.*
        ISAKMP Profile: VPN-CLIENT
        Extended IP access list
            access-list  permit ip any host 192.168.1.1
            dynamic (created from dynamic map DYNMAP/10)
        Current peer: 109.72.*.*
        Security association lifetime: 4608000 kilobytes/3600 seconds
        Responder-Only (Y/N): N
        PFS (Y/N): N
        Transform sets={
                3DES-MD5:  { esp-3des esp-md5-hmac  } ,
        }
        Reverse Route Injection Enabled
        Interfaces using crypto map DMAP:
                FastEthernet1

                FastEthernet4