Cisco EzVPN
Posted: Sat 29 Dec, 2012 14:58
!
! XAUTH user login and group authorization, both against the local database
aaa new-model
!
!
aaa authentication login vpnuserauthen local
aaa authorization network vpngroupauthor local
!
ip cef
!
username vpnuser password 0 vpnpassword$
!
crypto logging session
!
! IKE phase 1 policies
crypto isakmp policy 5
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 10
 encr aes
 authentication pre-share
 group 5
 lifetime 28800
crypto isakmp keepalive 20 periodic
crypto isakmp nat keepalive 20
!
! EzVPN client group: pre-shared key, DNS, address pool, split-tunnel ACL
crypto isakmp client configuration group VPN-Grp
 key vpnkey$
 dns IP.DNS1 .. IP_DNSn
 pool localippool
 acl 199
 save-password
 netmask 255.255.255.255
! The profile must match the client group name defined above
crypto isakmp profile climap
 match identity group VPN-Grp
 client authentication list vpnuserauthen
 isakmp authorization list vpngroupauthor
 client configuration address respond
 virtual-template 10
!
!
crypto ipsec transform-set my-transf-set esp-3des esp-sha-hmac
crypto ipsec transform-set my-transf-set-4 esp-3des esp-md5-hmac
!
crypto ipsec profile IPsecPr
 set transform-set my-transf-set my-transf-set-4
!
interface FastEthernet0/0
 description WAN
 ip address X.X.X.X Y.Y.Y.Y
 ip nat outside
 ip virtual-reassembly
 load-interval 30
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description LAN
 ip address 172.16.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
! Template for the per-client tunnel interface, referenced by the ISAKMP profile
interface Virtual-Template10 type tunnel
 ip unnumbered FastEthernet0/0
 ip virtual-reassembly
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPsecPr
!
ip local pool localippool 172.16.32.128 172.16.32.255
!
!
no ip http server
no ip http secure-server
ip nat inside source list 101 interface FastEthernet0/0 overload
!
access-list 101 permit ip 172.16.0.0 0.0.0.255 any
access-list 101 remark ACL for NAT
access-list 199 permit ip 172.16.0.0 0.0.0.255 any
access-list 199 remark Split-list
!
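
An added example, not part of the original post: a short Python check that cross-references the names an EzVPN configuration like this one depends on (client group, pool, ACL, transform set, IPsec profile, virtual template) and flags its weaker crypto and credential settings. The `audit` function, the `XREF` and `WEAK` tables and the sample text are constructed for illustration; the sample deliberately mismatches the group name in the ISAKMP profile.

```python
import re

# kind: (command that defines the object, sub-command that refers to it)
XREF = {
    "group": (r"crypto isakmp client configuration group (\S+)", r"match identity group (.+)"),
    "pool": (r"ip local pool (\S+)", r"pool (.+)"),
    "acl": (r"access-list (\d+) (?:permit|deny)", r"acl (.+)"),
    "transform-set": (r"crypto ipsec transform-set (\S+)", r"set transform-set (.+)"),
    "ipsec-profile": (r"crypto ipsec profile (\S+)", r"tunnel protection ipsec profile (.+)"),
    "vtemplate": (r"interface Virtual-Template(\d+)", r"virtual-template (.+)"),
}
# Settings worth a second look in review (assumed policy, adjust to your own).
WEAK = [(r"^encr 3des|esp-3des", "3DES"), (r"^hash md5|esp-md5-hmac", "MD5"),
        (r"^group [125]$", "DH group below 2048 bits"),
        (r"^username \S+ password 0 ", "cleartext password"),
        (r"^save-password$", "client may store XAUTH password")]

def audit(config):
    """Return (dangling references, weak settings) for an IOS config string."""
    lines = [l.strip() for l in config.splitlines()]
    defined = {(k, m.group(1)) for l in lines for k, (d, _) in XREF.items()
               if (m := re.match(d, l))}
    dangling = [(k, name, l) for l in lines for k, (_, r) in XREF.items()
                if (m := re.match(r, l)) for name in m.group(1).split()
                if (k, name) not in defined]
    weak = [(label, l) for l in lines for rx, label in WEAK if re.search(rx, l)]
    return dangling, weak

# Constructed sample modelled on the configuration above (group name mismatched on purpose).
SAMPLE = """\
username vpnuser password 0 vpnpassword$
crypto isakmp policy 5
 encr 3des
 hash md5
 group 2
crypto isakmp client configuration group VPN-Grp
 pool localippool
 acl 199
 save-password
crypto isakmp profile climap
 match identity group VPN-GR
 virtual-template 10
crypto ipsec transform-set my-transf-set esp-3des esp-sha-hmac
crypto ipsec profile IPsecPr
 set transform-set my-transf-set
interface Virtual-Template10 type tunnel
 tunnel protection ipsec profile IPsecPr
ip local pool localippool 172.16.32.128 172.16.32.255
access-list 199 permit ip 172.16.0.0 0.0.0.255 any
"""
```

`audit(SAMPLE)` returns the dangling `match identity group` reference together with the list of flagged lines; names are compared case-sensitively.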