Dear rseibert,
Sorry for late update, yes indeed i attempt to connect with dual user, i do understand of what you had explain to me.
But my main issue is on phase 2, based on the error log.
2014-04-28 17:37:47infoIKE 39.251.67.192 Phase 1: Retransmission limit has been reached.
2014-04-28 17:37:07infoIKE 39.251.67.192: XAuth login was passed for gateway Dialup_GW, username uservpn1, retry: 0, Client IP Addr 0.0.0.0, IPPool name: , Session-Timeout: 0s, Idle-Timeout: 0s.
2014-04-28 17:37:07infoIKE 39.251.67.192: XAuth login was refreshed for username uservpn1 at 0.0.0.0/0.0.0.0.
2014-04-28 17:37:00infoRejected an IKE packet on ethernet0/0 from 39.251.67.192:37203 to xxx.xxx.xx.xx:4500 with cookies 38cb1889542a5932 and e4613fca34d940b4 because A Phase 2 packet arrived while XAuth was still pending.
2014-04-28 17:36:59infoIKE 39.251.67.192 phase 1:The symmetric crypto key has been generated successfully.
2014-04-28 17:36:59infoIKE 39.251.67.192 Phase 1: Responder starts AGGRESSIVE mode negotiations.
2014-04-28 17:36:59infoIKE 39.251.67.192 Phase 1: Completed Aggressive mode negotiations with a 28800-second lifetime.
2014-04-28 17:36:59infoIKE 39.251.67.192 Phase 1: Completed for user ipsecvpn.
2014-04-28 17:36:59infoIKE<39.251.67.192> Phase 1: IKE responder has detected NAT in front of the remote device.
2014-04-28 17:36:59infoIKE<39.251.67.192> Phase 1: IKE responder has detected NAT in front of the local device.
2014-04-28 17:36:52infoIKE 39.251.67.192 phase 1:The symmetric crypto key has been generated successfully.
2014-04-28 17:36:52infoIKE 39.251.67.192 Phase 1: Responder starts AGGRESSIVE mode negotiations.