Cisco EzVPN

Post by camelot »

!
aaa new-model
!
!
aaa authentication login vpnuserauthen local
aaa authorization network vpngroupauthor local 
!
ip cef
!
username vpnuser password 0 vpnpassword$
!         
crypto logging session
!
crypto isakmp policy 5
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 5
 lifetime 28800
crypto isakmp keepalive 20 periodic
crypto isakmp nat keepalive 20
!
crypto isakmp client configuration group VPN-Grp
 key vpnkey$
 dns IP.DNS1 .. IP_DNSn
 pool localippool
 acl 199
 save-password
 netmask 255.255.255.255
crypto isakmp profile climap
   match identity group VPN-Grp
   client authentication list vpnuserauthen
   isakmp authorization list vpngroupauthor
   client configuration address respond
   virtual-template 10
!
!
crypto ipsec transform-set my-transf-set esp-3des esp-sha-hmac 
crypto ipsec transform-set my-transf-set-4 esp-3des esp-md5-hmac 
!
crypto ipsec profile IPsecPr
 set transform-set my-transf-set my-transf-set-4 
!
interface FastEthernet0/0
 description WAN
 ip address X.X.X.X Y.Y.Y.Y
 ip nat outside
 ip virtual-reassembly
 load-interval 30
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description LAN
 ip address 172.16.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!

!
interface Virtual-Template10 type tunnel
 ip unnumbered FastEthernet0/0
 ip virtual-reassembly
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPsecPr
!
ip local pool localippool 172.16.32.128 172.16.32.255

!
!
no ip http server
no ip http secure-server
ip nat inside source list 101 interface FastEthernet0/0 overload
!

access-list 101 permit ip 172.16.0.0 0.0.0.255 any
access-list 101 remark ACL for NAT
access-list 199 permit ip 172.16.0.0 0.0.0.255 any
access-list 199 remark Split-list
!
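
An added example, not part of the original post: a Python check for a configuration of this kind that flags names referenced but never defined (the group in `match identity group`, and the `pool` and `acl` of the client group) and legacy settings (`password 0`, 3DES, MD5). The sample input is constructed, and `audit`, `WEAK` and `NAMES` are names chosen for this example.

```python
import re

# Constructed sample (not the post's config): trimmed EzVPN server settings
# with a deliberate group-name mismatch, a missing ACL and legacy crypto.
SAMPLE = """\
username vpnuser password 0 example
crypto isakmp policy 5
 encr 3des
 hash md5
crypto isakmp client configuration group VPN-Grp
 pool localippool
 acl 199
crypto isakmp profile climap
   match identity group VPN-GR
crypto ipsec transform-set ts1 esp-3des esp-md5-hmac
ip local pool localippool 172.16.32.128 172.16.32.255
access-list 101 permit ip 172.16.0.0 0.0.0.255 any
"""

# Settings worth flagging in review: (pattern, finding text).
WEAK = [
    (r"^username \S+ password 0 ", "cleartext local password"),
    (r"^encr (3des|des)$", "legacy IKE cipher"),
    (r"^hash md5$", "MD5 IKE hash"),
    (r"\besp-(3des|des)\b", "legacy ESP cipher"),
    (r"\besp-md5-hmac\b", "MD5 ESP integrity"),
]
# kind: (pattern that defines a name, pattern that references it)
NAMES = {
    "group": (r"^crypto isakmp client configuration group (\S+)$",
              r"^match identity group (\S+)$"),
    "pool": (r"^ip local pool (\S+) ", r"^pool (\S+)$"),
    "acl": (r"^access-list (\d+) ", r"^acl (\d+)$"),
}

def audit(config):
    """Return (line_number, finding) tuples for weak or dangling settings."""
    lines = [line.strip() for line in config.splitlines()]
    defined = {kind: {m.group(1) for line in lines if (m := re.match(d, line))}
               for kind, (d, _) in NAMES.items()}
    findings = []
    for number, line in enumerate(lines, 1):
        findings += [(number, text) for pat, text in WEAK if re.search(pat, line)]
        for kind, (_, ref) in NAMES.items():
            m = re.match(ref, line)
            if m and m.group(1) not in defined[kind]:
                findings.append((number, f"undefined {kind} {m.group(1)}"))
    return findings
```

Calling `audit(SAMPLE)` returns one tuple per finding, with line numbers counted within the string passed in.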