Situation: there is a box (Debian 4.0) and a Cisco PIX. A tunnel has to be set up between them using isakmp. The Cisco PIX was not configured by me.
Here is how it is configured:
access-list cp299 permit ip host 83.149.33.136 host 81.91.100.50
crypto map 3des-sha 2299 ipsec-isakmp
crypto map 3des-sha 2299 match address cp299
crypto map 3des-sha 2299 set pfs group2
crypto map 3des-sha 2299 set peer 81.91.100.50
crypto map 3des-sha 2299 set transform-set strong
isakmp key hMR2yH4Gv008w966 address 81.91.100.50 netmask 255.255.255.255
…
crypto ipsec transform-set strong esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 3600
…
isakmp policy 9 authentication pre-share
isakmp policy 9 encryption 3des
isakmp policy 9 hash sha
isakmp policy 9 group 2
isakmp policy 9 lifetime 3600
On my side, this is what I did:
ISAKMPD.POLICY
KeyNote-Version: 2
Authorizer: "POLICY"
Licensees: "passphrase:***"
Conditions: app_domain == "IPsec policy" &&
        esp_present == "yes" &&
        esp_enc_alg == "3des" &&
        esp_auth_alg == "pre-share" -> "true";
        pfs == "group 2"
        ah_hash_alg == "sha" &&
        esp_lifetime_seconds == "3600" &&
ISAKMPD.CONF
[General]
Listen-on= 192.168.0.68        # (IP of my machine on the LAN)
Shared-SADB= Defined

[Phase 1]
83.149.33.133= ISAKMP-peer-mega

[Phase 2]
Connections= IPsec-unico-mega

[ISAKMP-peer-mega]
Phase= 1
Transport= udp
Local-address= 192.168.0.68
Address= 83.149.**.133
Configuration= Default-main-mode
Authentication= *****

#[ISAKMP-peer-mega-aggressive]
#Phase= 1
#Transport= udp
#Local-address= 192.168.0.68
#Address= 83.149.**.133
#Configuration= Default-aggressive-mode
#Authentication= *****

[IPsec-unico-mega]
Phase= 2
ISAKMP-peer= ISAKMP-peer-mega
Configuration= Default-main-mode
Local-ID= Net-unico
Remote-ID= Net-mega

[Net-mega]
ID-type= IPV4_ADDR_SUBNET
Network= 83.149.**.133
Netmask= 255.255.255.0

[Net-unico]
ID-type= IPV4_ADDR_SUBNET
Network= 192.168.0.68
Netmask= 255.255.255.0

[Default-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
#Transforms= ESP-3DES ESP-SHA-HMAC
Transforms= 3DES-SHA

#[Default-aggressive-mode]
#DOI= IPSEC
#EXCHANGE_TYPE= AGGRESSIVE
#Transforms= ESP-3DES ESP-SHA-HMAC
#Transforms= 3DES-SHA

[Default-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-AES-SHA-PFS-SUITE
In short, the tunnel does not come up.
On the Cisco side it shows:
ekb-fw1# sh isakmp sa | incl 81.91.**.50
83.149.33.133 81.91.**.50 MM_SA_SETUP 0 0
83.149.33.133 81.91.**.50 MM_SA_SETUP 0 0
81.91.**.50 is my public ("white") IP.
Where is my mistake?! What did I do wrong in isakmpd.conf and isakmpd.policy?
transform-set: esp-3des esp-sha-hmac
PFS: Group 2
Isakmp policy:
  9 authentication pre-share
  9 encryption 3des
  9 hash sha
  9 group 2
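An added example, not part of the post and not the poster's files: a script that writes an isakmpd.conf and isakmpd.policy pair in which every parameter is taken from the PIX configuration quoted above. It assumes the redacted addresses are 83.149.33.133 for the PIX and 81.91.100.50 for the Debian side (the unredacted access-list and isakmp key lines point that way), reuses the pre-shared key shown in the PIX config, and takes no position on whether the Debian box sits behind NAT. Compared with the posted files it differs in four places: the phase 2 connection references Default-quick-mode rather than Default-main-mode; the quick-mode suite is the 3DES one, because transform-set strong is esp-3des esp-sha-hmac; the IDs are the two single hosts from access-list cp299 rather than /24 networks; and the KeyNote Conditions clause is a single chain ending in -> "true" with esp_auth_alg set to "hmac-sha" (in isakmpd.policy that attribute names the ESP integrity algorithm; "pre-share" is a phase 1 authentication method and is not a valid value there). One caveat on reading the PIX output: MM_SA_SETUP is the state reached after the first main-mode exchange, so the phase 2 mismatches above are not what is stalling the negotiation yet, but they would be the next thing to fail once phase 1 completes.

```shell
#!/bin/sh
# Added example: generate an isakmpd.conf / isakmpd.policy pair matching
# the PIX side quoted in the post (pre-share, 3des, sha, group 2 for
# phase 1; esp-3des esp-sha-hmac with PFS group2 for phase 2; traffic
# selector host 83.149.33.136 <-> host 81.91.100.50).
# Assumed values (the post redacts them): PIX outside address 83.149.33.133,
# Debian public address 81.91.100.50.

PIX_ADDR=83.149.33.133      # ISAKMP peer: PIX outside interface
PIX_HOST=83.149.33.136      # host behind the PIX, from access-list cp299
MY_PUBLIC=81.91.100.50      # the "white" IP the PIX binds the key to
MY_LAN=192.168.0.68         # address isakmpd listens on inside this box
PSK=hMR2yH4Gv008w966        # "isakmp key ... address 81.91.100.50" on the PIX

write_isakmpd_config() {
    dir=$1
    mkdir -p "$dir"
    umask 077                       # both files carry the PSK: create them 0600

    cat > "$dir/isakmpd.conf" <<EOF
[General]
Listen-on=              $MY_LAN
Shared-SADB=            Defined

[Phase 1]
$PIX_ADDR=              ISAKMP-peer-mega

[Phase 2]
Connections=            IPsec-unico-mega

# Phase 1 peer; 3DES-SHA is isakmpd's predefined pre-shared/3des/sha/group 2
# transform, i.e. "isakmp policy 9" on the PIX.
[ISAKMP-peer-mega]
Phase=                  1
Transport=              udp
Local-address=          $MY_LAN
Address=                $PIX_ADDR
Configuration=          Default-main-mode
Authentication=         $PSK

# Phase 2 connection: must reference a quick-mode configuration.
[IPsec-unico-mega]
Phase=                  2
ISAKMP-peer=            ISAKMP-peer-mega
Configuration=          Default-quick-mode
Local-ID=               Host-unico
Remote-ID=              Host-mega

# Traffic selectors copied from access-list cp299: single hosts, not /24s.
[Host-unico]
ID-type=                IPV4_ADDR
Address=                $MY_PUBLIC

[Host-mega]
ID-type=                IPV4_ADDR
Address=                $PIX_HOST

[Default-main-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          ID_PROT
Transforms=             3DES-SHA

# transform-set strong = esp-3des esp-sha-hmac with "set pfs group2":
# the predefined 3DES/SHA/PFS suite, not the AES one.
[Default-quick-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          QUICK_MODE
Suites=                 QM-ESP-3DES-SHA-PFS-SUITE
EOF

    # KeyNote policy: one condition chain, terminated by -> "true".
    # esp_auth_alg is the ESP integrity algorithm ("hmac-sha"), so the
    # policy admits exactly the SA the PIX proposes.
    cat > "$dir/isakmpd.policy" <<EOF
KeyNote-Version: 2
Authorizer: "POLICY"
Licensees: "passphrase:$PSK"
Conditions: app_domain == "IPsec policy" &&
        esp_present == "yes" &&
        esp_enc_alg == "3des" &&
        esp_auth_alg == "hmac-sha" -> "true";
EOF
}

# Usage: sh isakmpd-pix.sh /etc/isakmpd   (then restart isakmpd)
if [ $# -ge 1 ]; then
    write_isakmpd_config "$1"
fi
```

The script takes the target directory as its only argument so it can be dry-run into a scratch directory and diffed against the live files before anything under /etc/isakmpd is touched; the umask keeps both generated files readable only by root, since each contains the pre-shared key in clear.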