12.28.2007 at 07:54AM PST, ID: 23047270
Cisco VPN Client to Router cannot access VPN network

Asked by frankmcc in IPSec Security Protocol, Network Routers, Virtual Private Networking (VPN)

Tags: cisco, vpn, client, access, router

I am in the process of configuring a Cisco 1720 Router to be a VPN server for the Cisco VPN Client software.  We intend on using it for our mobile users alone.  

I have been able to get the VPN running.  The client authenticates through the router to a RADIUS server and phase 2 completes.  That's where things go wrong.

The client is unable to access anything on the VPN network, nor can it access the internet.  I suspect I need to do something in the ACL 110, but I'm not sure what.

Here is the output of the Client LOG:

Cisco Systems VPN Client Version 5.0.02.0090
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2

1      10:41:49.000  12/28/07  Sev=Warning/3      IKE/0xE3000085
The length, 0, of the Mode Config option, INTERNAL_IPV4_NETMASK, is invalid

2      10:41:51.093  12/28/07  Sev=Warning/2      CVPND/0xE3400013
AddRoute failed to add a route: code 87
      Destination      192.168.254.255
      Netmask      255.255.255.255
      Gateway      172.17.0.1
      Interface      172.17.2.36

3      10:41:51.093  12/28/07  Sev=Warning/2      CM/0xA3100024
Unable to add route. Network: c0a8feff, Netmask: ffffffff, Interface: ac110224, Gateway: ac110001.

Debugs on the router have not provided much more information.  But here is the log output anyway (The time on the router is incorrect, I will fix that later):

Log Buffer (16000 bytes):
*Mar  2 23:54:59.720: ISAKMP (0:10): Checking IPSec proposal 9
*Mar  2 23:54:59.724: ISAKMP: transform 1, ESP_3DES
*Mar  2 23:54:59.724: ISAKMP:   attributes in transform:
*Mar  2 23:54:59.724: ISAKMP:      authenticator is HMAC-MD5
*Mar  2 23:54:59.724: ISAKMP:      encaps is 61443 (Tunnel-UDP)
*Mar  2 23:54:59.724: ISAKMP:      SA life type in seconds
*Mar  2 23:54:59.724: ISAKMP:      SA life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Mar  2 23:54:59.724: ISAKMP (0:10): atts are acceptable.
*Mar  2 23:54:59.724: ISAKMP (0:10): Checking IPSec proposal 9
*Mar  2 23:54:59.724: ISAKMP (0:10): transform 1, IPPCP LZS
*Mar  2 23:54:59.728: ISAKMP:   attributes in transform:
*Mar  2 23:54:59.728: ISAKMP:      encaps is 61443 (Tunnel-UDP)
*Mar  2 23:54:59.728: ISAKMP:      SA life type in seconds
*Mar  2 23:54:59.728: ISAKMP:      SA life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Mar  2 23:54:59.728: ISAKMP (0:10): atts are acceptable.
*Mar  2 23:54:59.728: IPSEC(validate_proposal_request): proposal part #1,
  (key eng. msg.) INBOUND local= 162.40.32.9, remote= 162.40.32.22,
    local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
    remote_proxy= 172.17.2.36/255.255.255.255/0/0 (type=1),
    protocol= ESP, transform= esp-3des esp-md5-hmac  (Tunnel-UDP),
    lifedur= 0s and 0kb,
    spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x400
*Mar  2 23:54:59.732: IPSEC(validate_proposal_request): proposal part #2,
  (key eng. msg.) INBOUND local= 162.40.32.9, remote= 162.40.32.22,
    local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
    remote_proxy= 172.17.2.36/255.255.255.255/0/0 (type=1),
    protocol= PCP, transform= comp-lzs  (Tunnel-UDP),
    lifedur= 0s and 0kb,
    spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x400
*Mar  2 23:54:59.732: IPSEC(kei_proxy): head = clientmap, map->ivrf = , kei->ivrf =
*Mar  2 23:54:59.732: IPSEC(validate_transform_proposal): transform proposal not supported for identity:
    {esp-3des esp-md5-hmac comp-lzs }
*Mar  2 23:54:59.732: ISAKMP (0:10): IPSec policy invalidated proposal
*Mar  2 23:54:59.736: ISAKMP (0:10): Checking IPSec proposal 10
*Mar  2 23:54:59.736: ISAKMP: transform 1, ESP_3DES
*Mar  2 23:54:59.736: ISAKMP:   attributes in transform:
*Mar  2 23:54:59.736: ISAKMP:      authenticator is HMAC-SHA
*Mar  2 23:54:59.736: ISAKMP:      encaps is 61443 (Tunnel-UDP)
*Mar  2 23:54:59.736: ISAKMP:      SA life type in seconds
*Mar  2 23:54:59.736: ISAKMP:      SA life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Mar  2 23:54:59.736: ISAKMP (0:10): atts are acceptable.
*Mar  2 23:54:59.740: ISAKMP (0:10): Checking IPSec proposal 10
*Mar  2 23:54:59.740: ISAKMP (0:10): transform 1, IPPCP LZS
*Mar  2 23:54:59.740: ISAKMP:   attributes in transform:
*Mar  2 23:54:59.740: ISAKMP:      encaps is 61443 (Tunnel-UDP)
*Mar  2 23:54:59.740: ISAKMP:      SA life type in seconds
*Mar  2 23:54:59.740: ISAKMP:      SA life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Mar  2 23:54:59.740: ISAKMP (0:10): atts are acceptable.
*Mar  2 23:54:59.740: IPSEC(validate_proposal_request): proposal part #1,
  (key eng. msg.) INBOUND local= 162.40.32.9, remote= 162.40.32.22,
    local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
    remote_proxy= 172.17.2.36/255.255.255.255/0/0 (type=1),
    protocol= ESP, transform= esp-3des esp-sha-hmac  (Tunnel-UDP),
    lifedur= 0s and 0kb,
    spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x400
*Mar  2 23:54:59.744: IPSEC(validate_proposal_request): proposal part #2,
  (key eng. msg.) INBOUND local= 162.40.32.9, remote= 162.40.32.22,
    local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
    remote_proxy= 172.17.2.36/255.255.255.255/0/0 (type=1),
    protocol= PCP, transform= comp-lzs  (Tunnel-UDP),
    lifedur= 0s and 0kb,
    spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x400
*Mar  2 23:54:59.744: IPSEC(kei_proxy): head = clientmap, map->ivrf = , kei->ivrf =
*Mar  2 23:54:59.744: IPSEC(validate_transform_proposal): transform proposal not supported for identity:
    {esp-3des esp-sha-hmac comp-lzs }
*Mar  2 23:54:59.748: ISAKMP (0:10): IPSec policy invalidated proposal
*Mar  2 23:54:59.748: ISAKMP (0:10): Checking IPSec proposal 11
*Mar  2 23:54:59.748: ISAKMP: transform 1, ESP_3DES
*Mar  2 23:54:59.748: ISAKMP:   attributes in transform:
*Mar  2 23:54:59.748: ISAKMP:      authenticator is HMAC-MD5
*Mar  2 23:54:59.748: ISAKMP:      encaps is 61443 (Tunnel-UDP)
*Mar  2 23:54:59.748: ISAKMP:      SA life type in seconds
*Mar  2 23:54:59.748: ISAKMP:      SA life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Mar  2 23:54:59.752: ISAKMP (0:10): atts are acceptable.
*Mar  2 23:54:59.752: IPSEC(validate_proposal_request): proposal part #1,
  (key eng. msg.) INBOUND local= 162.40.32.9, remote= 162.40.32.22,
    local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
    remote_proxy= 172.17.2.36/255.255.255.255/0/0 (type=1),
    protocol= ESP, transform= esp-3des esp-md5-hmac  (Tunnel-UDP),
    lifedur= 0s and 0kb,
    spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x400
*Mar  2 23:54:59.752: IPSEC(kei_proxy): head = clientmap, map->ivrf = , kei->ivrf =
*Mar  2 23:54:59.752: IPSEC(validate_transform_proposal): transform proposal not supported for identity:
    {esp-3des esp-md5-hmac }
*Mar  2 23:54:59.756: ISAKMP (0:10): IPSec policy invalidated proposal
*Mar  2 23:54:59.756: ISAKMP (0:10): Checking IPSec proposal 12
*Mar  2 23:54:59.756: ISAKMP: transform 1, ESP_3DES
*Mar  2 23:54:59.756: ISAKMP:   attributes in transform:
*Mar  2 23:54:59.756: ISAKMP:      authenticator is HMAC-SHA
*Mar  2 23:54:59.756: ISAKMP:      encaps is 61443 (Tunnel-UDP)
*Mar  2 23:54:59.756: ISAKMP:      SA life type in seconds
*Mar  2 23:54:59.756: ISAKMP:      SA life duration (VPI) of  0x0 0x20 0xC4 0x9B
*Mar  2 23:54:59.756: ISAKMP (0:10): atts are acceptable.
*Mar  2 23:54:59.760: IPSEC(validate_proposal_request): proposal part #1,
  (key eng. msg.) INBOUND local= 162.40.32.9, remote= 162.40.32.22,
    local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
    remote_proxy= 172.17.2.36/255.255.255.255/0/0 (type=1),
    protocol= ESP, transform= esp-3des esp-sha-hmac  (Tunnel-UDP),
    lifedur= 0s and 0kb,
    spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x400
*Mar  2 23:54:59.760: IPSEC(kei_proxy): head = clientmap, map->ivrf = , kei->ivrf =
*Mar  2 23:54:59.760: ISAKMP (0:10): processing NONCE payload. message ID = 914356287
*Mar  2 23:54:59.764: ISAKMP (0:10): processing ID payload. message ID = 914356287
*Mar  2 23:54:59.764: ISAKMP (0:10): processing ID payload. message ID = 914356287
*Mar  2 23:54:59.764: ISAKMP (0:10): asking for 1 spis from ipsec
*Mar  2 23:54:59.764: ISAKMP (0:10): Node 914356287, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Mar  2 23:54:59.764: ISAKMP (0:10): Old State = IKE_QM_READY  New State = IKE_QM_SPI_STARVE
*Mar  2 23:54:59.764: IPSEC(key_engine): got a queue event...
*Mar  2 23:54:59.768: IPSEC(spi_response): getting spi 2473336454 for SA
        from 162.40.32.9     to 162.40.32.22    for prot 3
*Mar  2 23:54:59.768: ISAKMP: received ke message (2/1)
*Mar  2 23:55:00.224: ISAKMP: Locking peer struct 0x82212B5C, IPSEC refcount 1 for for stuff_ke
*Mar  2 23:55:00.224: ISAKMP (0:10): Creating IPSec SAs
*Mar  2 23:55:00.224:         inbound SA from 162.40.32.22 to 162.40.32.9 (f/i)  0/ 0
        (proxy 172.17.2.36 to 0.0.0.0)
*Mar  2 23:55:00.228:         has spi 0x936C1E86 and conn_id 2000 and flags 400
*Mar  2 23:55:00.228:         lifetime of 2147483 seconds
*Mar  2 23:55:00.228:         has client flags 0x10
*Mar  2 23:55:00.228:         outbound SA from 162.40.32.9     to 162.40.32.22    (f/i)  0/ 0 (proxy 0.0.0.0         to 172.17.2.36    )
*Mar  2 23:55:00.228:         has spi 605580969 and conn_id 2001 and flags 408
*Mar  2 23:55:00.228:         lifetime of 2147483 seconds
*Mar  2 23:55:00.228:         has client flags 0x10
*Mar  2 23:55:00.232: ISAKMP (0:10): sending packet to 162.40.32.22 my_port 4500 peer_port 2026 (R) QM_IDLE      
*Mar  2 23:55:00.232: ISAKMP (0:10): Node 914356287, Input = IKE_MESG_FROM_IPSEC, IKE_SPI_REPLY
*Mar  2 23:55:00.232: ISAKMP (0:10): Old State = IKE_QM_SPI_STARVE  New State = IKE_QM_R_QM2
*Mar  2 23:55:00.236: IPSEC(key_engine): got a queue event...
*Mar  2 23:55:00.236: IPSEC(initialize_sas): ,
  (key eng. msg.) INBOUND local= 162.40.32.9, remote= 162.40.32.22,
    local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
    remote_proxy= 172.17.2.36/0.0.0.0/0/0 (type=1),
    protocol= ESP, transform= esp-3des esp-sha-hmac  (Tunnel-UDP),
    lifedur= 2147483s and 0kb,
    spi= 0x936C1E86(2473336454), conn_id= 2000, keysize= 0, flags= 0x400
*Mar  2 23:55:00.236: IPSEC(initialize_sas): ,
  (key eng. msg.) OUTBOUND local= 162.40.32.9, remote= 162.40.32.22,
    local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
    remote_proxy= 172.17.2.36/0.0.0.0/0/0 (type=1),
    protocol= ESP, transform= esp-3des esp-sha-hmac  (Tunnel-UDP),
    lifedur= 2147483s and 0kb,
    spi= 0x24186EA9(605580969), conn_id= 2001, keysize= 0, flags= 0x408
*Mar  2 23:55:00.240: IPSEC(kei_proxy): head = clientmap, map->ivrf = , kei->ivrf =
*Mar  2 23:55:00.240: IPSEC(add mtree): src 0.0.0.0, dest 172.17.2.36, dest_port 0

*Mar  2 23:55:00.240: IPSEC(create_sa): sa created,
  (sa) sa_dest= 162.40.32.9, sa_prot= 50,
    sa_spi= 0x936C1E86(2473336454),
    sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 2000
*Mar  2 23:55:00.244: IPSEC(create_sa): sa created,
  (sa) sa_dest= 162.40.32.22, sa_prot= 50,
    sa_spi= 0x24186EA9(605580969),
    sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 2001
*Mar  2 23:55:00.248: ISAKMP (0:10): received packet from 162.40.32.22 dport 4500 sport 2026 Global (R) QM_IDLE      
*Mar  2 23:55:00.248: ISAKMP (0:10): deleting node 914356287 error FALSE reason "quick mode done (await)"
*Mar  2 23:55:00.248: ISAKMP (0:10): Node 914356287, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Mar  2 23:55:00.252: ISAKMP (0:10): Old State = IKE_QM_R_QM2  New State = IKE_QM_PHASE2_COMPLETE
*Mar  2 23:55:00.252: IPSEC(key_engine): got a queue event...
*Mar  2 23:55:00.252: IPSEC(key_engine_enable_outbound): rec'd enable notify from ISAKMP
*Mar  2 23:55:00.252: IPSEC(key_engine_enable_outbound): enable SA with spi 605580969/50 for 162.40.32.22
*Mar  2 23:55:09.572: ISAKMP (0:10): received packet from 162.40.32.22 dport 4500 sport 2026 Global (R) QM_IDLE      
*Mar  2 23:55:09.572: ISAKMP: set new node 314993000 to QM_IDLE      
*Mar  2 23:55:09.576: ISAKMP (0:10): processing HASH payload. message ID = 314993000
*Mar  2 23:55:09.576: ISAKMP (0:10): processing NOTIFY R_U_THERE protocol 1
        spi 0, message ID = 314993000, sa = 822B807C
*Mar  2 23:55:09.576: ISAKMP (0:10): deleting node 314993000 error FALSE reason "informational (in) state 1"
*Mar  2 23:55:09.576: ISAKMP (0:10): Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
*Mar  2 23:55:09.576: ISAKMP (0:10): Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

*Mar  2 23:55:09.576: ISAKMP (0:10): DPD/R_U_THERE received from peer 162.40.32.22, sequence 0x4ED0CD79
*Mar  2 23:55:09.580: ISAKMP: set new node 1231782143 to QM_IDLE      
*Mar  2 23:55:09.580: ISAKMP (0:10): Sending NOTIFY R_U_THERE_ACK protocol 1
         spi 2179399104, message ID = 1231782143 seq. no 0x4ED0CD79
*Mar  2 23:55:09.580: ISAKMP (0:10): sending packet to 162.40.32.22 my_port 4500 peer_port 2026 (R) QM_IDLE      
*Mar  2 23:55:09.584: ISAKMP (0:10): purging node 1231782143
*Mar  2 23:55:09.584: ISAKMP (0:10): Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
*Mar  2 23:55:09.584: ISAKMP (0:10): Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

*Mar  2 23:55:15.412: ISAKMP (0:10): received packet from 162.40.32.22 dport 4500 sport 2026 Global (R) QM_IDLE      
*Mar  2 23:55:15.412: ISAKMP: set new node -1817182271 to QM_IDLE      
*Mar  2 23:55:15.416: ISAKMP (0:10): processing HASH payload. message ID = -1817182271
*Mar  2 23:55:15.416: ISAKMP (0:10): processing DELETE payload. message ID = -1817182271
*Mar  2 23:55:15.416: ISAKMP (0:10): peer does not do paranoid keepalives.

*Mar  2 23:55:15.416: ISAKMP (0:10): peer does not do paranoid keepalives.

*Mar  2 23:55:15.416: ISAKMP (0:10): deleting node -1817182271 error FALSE reason "informational (in) state 1"
*Mar  2 23:55:15.416: ISAKMP (0:10): received packet from 162.40.32.22 dport 4500 sport 2026 Global (R) QM_IDLE      
*Mar  2 23:55:15.420: ISAKMP: set new node 1044263402 to QM_IDLE      
*Mar  2 23:55:15.420: ISAKMP (0:10): processing HASH payload. message ID = 1044263402
*Mar  2 23:55:15.424: ISAKMP:received payload type 18
*Mar  2 23:55:15.424: ISAKMP (0:10): processing DELETE_WITH_REASON payload, message ID = 1044263402, reason: DELETE_BY_USER_COMMAND
*Mar  2 23:55:15.424: ISAKMP (0:10): peer does not do paranoid keepalives.

*Mar  2 23:55:15.424: ISAKMP (0:10): deleting SA reason "P1 delete notify (in)" state (R) QM_IDLE       (peer 162.40.32.22) input queue 0
*Mar  2 23:55:15.424: ISAKMP (0:10): deleting node 1044263402 error FALSE reason "informational (in) state 1"
*Mar  2 23:55:15.424: IPSEC(key_engine): got a queue event...
*Mar  2 23:55:15.424: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
*Mar  2 23:55:15.428: IPSEC(key_engine_delete_sas): delete SA with spi 605580969/50 for 162.40.32.22
*Mar  2 23:55:15.428: IPSEC(delete_sa): deleting SA,
  (sa) sa_dest= 162.40.32.9, sa_prot= 50,
    sa_spi= 0x936C1E86(2473336454),
    sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 2000
*Mar  2 23:55:15.428: IPSEC(add_sa): have new SAs -- expire existing in 30 sec.,
  (sa) sa_dest= 162.40.32.22, sa_prot= 50,
    sa_spi= 0x24186EA9(605580969),
    sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 2001,
  (identity) local= 162.40.32.9, remote= 162.40.32.22,
    local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
    remote_proxy= 172.17.2.36/255.255.255.255/0/0 (type=1)
*Mar  2 23:55:15.432: IPSEC(delete_sa): deleting SA,
  (sa) sa_dest= 162.40.32.22, sa_prot= 50,
    sa_spi= 0x24186EA9(605580969),
    sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 2001
*Mar  2 23:55:15.432: ISAKMP: Unlocking IPSEC struct 0x82212B5C from delete_siblings, count 0
*Mar  2 23:55:15.432: IPSEC(key_engine): got a queue event...
*Mar  2 23:55:15.432: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
*Mar  2 23:55:15.436: ISAKMP (0:10): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Mar  2 23:55:15.436: ISAKMP (0:10): Old State = IKE_P1_COMPLETE  New State = IKE_DEST_SA

*Mar  2 23:55:15.436: ISAKMP (0:10): deleting SA reason "" state (R) QM_IDLE       (peer 162.40.32.22) input queue 0
*Mar  2 23:55:15.436: ISAKMP (0:10): returning address 172.17.2.36 to pool
*Mar  2 23:55:15.440: ISAKMP: Unlocking IKE struct 0x82212B5C for isadb_mark_sa_deleted(), count 0
*Mar  2 23:55:15.440: ISAKMP: returning address 172.17.2.36 to pool
*Mar  2 23:55:15.440: ISAKMP: Deleting peer node by peer_reap for 162.40.32.22: 82212B5C
*Mar  2 23:55:15.440: ISAKMP (0:10): deleting node -1720911968 error FALSE reason ""
*Mar  2 23:55:15.440: ISAKMP (0:10): deleting node 327213268 error FALSE reason ""
*Mar  2 23:55:15.444: ISAKMP (0:10): deleting node -1086291021 error FALSE reason ""
*Mar  2 23:55:15.444: ISAKMP (0:10): deleting node 914356287 error FALSE reason ""
*Mar  2 23:55:15.444: ISAKMP (0:10): deleting node 314993000 error FALSE reason ""
*Mar  2 23:55:15.444: ISAKMP (0:10): deleting node -1817182271 error FALSE reason ""
*Mar  2 23:55:15.444: ISAKMP (0:10): deleting node 1044263402 error FALSE reason ""
*Mar  2 23:55:15.444: ISAKMP (0:10): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Mar  2 23:55:15.444: ISAKMP (0:10): Old State = IKE_DEST_SA  New State = IKE_DEST_SA

*Mar  2 23:56:05.440: ISAKMP (0:10): purging node -1720911968
*Mar  2 23:56:05.444: ISAKMP (0:10): purging node 327213268
*Mar  2 23:56:05.444: ISAKMP (0:10): purging node -1086291021
*Mar  2 23:56:05.444: ISAKMP (0:10): purging node 914356287
*Mar  2 23:56:05.444: ISAKMP (0:10): purging node 314993000
*Mar  2 23:56:05.444: ISAKMP (0:10): purging node -1817182271
*Mar  2 23:56:05.448: ISAKMP (0:10): purging node 1044263402
*Mar  2 23:56:15.444: ISAKMP (0:10): purging SA., sa=822B807C, delme=822B807C

I hope that is enough info.  I've lost a lot of hair over "EZVPN"
Current configuration : 4775 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HCRT2
!
boot-start-marker
boot-end-marker
!
logging buffered 16000 debugging
no logging console guaranteed
no logging console
enable secret 5 <REMOVED>
enable password <REMOVED>
!
memory-size iomem 25
clock timezone PCTime -5
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa authentication login userauthen group radius
aaa authorization network groupauthor local 
aaa session-id common
ip subnet-zero
!
!
ip domain name hollandcomputers.net
ip name-server 172.17.2.3
ip name-server 172.17.2.5
ip name-server 162.40.32.104
ip name-server 162.40.32.105
!
ip cef
ip audit po max-events 100
!
!
username administrator password 0 <REMOVED>
username VPN password 0 hcvpn5
!
!         
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
crypto isakmp client configuration address-pool local vpnpool
!
crypto isakmp client configuration group HCVPN
 key <REMOVED> <------------------ IT'S NOT "cisco" AS SOME DOCUMENTATION READS --<
 dns 172.17.2.5 172.17.2.3
 wins 172.17.2.5 172.17.2.3
 domain hollandcomputers.net
 pool vpnpool
!
!
crypto ipsec transform-set HCset esp-3des esp-sha-hmac 
!
crypto dynamic-map dynmap 10
 set transform-set HCset 
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address initiate
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap 
!
!
!
!
interface Ethernet0
 ip address 172.17.2.251 255.255.255.0
 ip nat inside
 half-duplex
!
interface FastEthernet0
 ip address 162.40.32.9 255.255.252.0
 ip nat outside
 speed auto
 crypto map clientmap
!
router eigrp 1
 auto-summary
!
ip local pool vpnpool 172.17.2.30 172.17.2.39
ip nat inside source route-map nonat interface FastEthernet0 overload
 
<IRRELEVANT NAT ENTRIES REMOVED>
 
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0
no ip http server
no ip http secure-server
!
!
!
ip access-list extended Outbound
 permit icmp any any
 permit ip any any
logging history size 500
logging history emergencies
logging trap debugging
logging 172.17.2.164
logging 162.40.32.122
access-list 110 permit ip 172.17.2.0 0.0.0.255 any
!
route-map nonat permit 10
 match ip address 110
!         
snmp-server community <REMOVED> RW
snmp-server community <REMOVED> RO
snmp-server enable traps tty
radius-server host 172.17.2.5 auth-port 1645 acct-port 1646 key <REMOVED>
!
line con 0
 password <REMOVED>
line aux 0
line vty 0 4
 password <REMOVED>
!
end
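
Added example, not part of the original question: a Python check over lines copied from the posted configuration, showing that every address in vpnpool sits inside Ethernet0's subnet and that traffic from an inside host to those addresses matches ACL 110, so route-map nonat selects it for NAT. The function names and the choice of 172.17.2.5 as the sample inside host are assumptions made for the example, and the parser handles only the command forms that appear in that configuration.

```python
import ipaddress

# Lines copied from the configuration posted above (only those this check needs).
CONFIG = """\
interface Ethernet0
 ip address 172.17.2.251 255.255.255.0
 ip nat inside
interface FastEthernet0
 ip nat outside
ip local pool vpnpool 172.17.2.30 172.17.2.39
ip nat inside source route-map nonat interface FastEthernet0 overload
access-list 110 permit ip 172.17.2.0 0.0.0.255 any
route-map nonat permit 10
 match ip address 110
"""

def take_addr(tok):
    """Consume one ACL address spec (any | host A | A WILDCARD); return (network, rest)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    # An IOS wildcard mask is an inverted netmask; only contiguous masks are handled.
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(tok[1])) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{tok[0]}/{mask}", strict=False), tok[2:]

def parse(config):
    cfg = {"inside": {}, "pools": {}, "acls": {}, "route_maps": {}, "nat_maps": []}
    iface = rmap = addr = None
    for line in filter(str.strip, config.splitlines()):
        w = line.split()
        if not line.startswith(" "):      # a new top-level command ends the sub-mode
            iface = rmap = addr = None
        if w[0] == "interface":
            iface = w[1]
        elif iface and w[:2] == ["ip", "address"]:
            addr = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif iface and w == ["ip", "nat", "inside"]:
            cfg["inside"][iface] = addr
        elif w[:3] == ["ip", "local", "pool"]:
            cfg["pools"][w[3]] = (ipaddress.IPv4Address(w[4]), ipaddress.IPv4Address(w[5]))
        elif w[:5] == ["ip", "nat", "inside", "source", "route-map"]:
            cfg["nat_maps"].append(w[5])
        elif w[0] == "access-list" and w[3] == "ip":
            src, rest = take_addr(w[4:])
            cfg["acls"].setdefault(w[1], []).append((w[2], src, take_addr(rest)[0]))
        elif w[0] == "route-map":
            rmap = w[1]
        elif rmap and w[:3] == ["match", "ip", "address"]:
            cfg["route_maps"].setdefault(rmap, []).append(w[3])
    return cfg

def acl_action(acl, src, dst):
    """IOS ACLs are first-match with an implicit deny at the end."""
    for action, s, d in acl:
        if src in s and dst in d:
            return action
    return "deny"

def check_pool(config, inside_host):
    """Per pool: inside interfaces whose subnet contains it, and addresses NAT would select."""
    cfg = parse(config)
    src = ipaddress.IPv4Address(inside_host)
    report = {}
    for name, (first, last) in cfg["pools"].items():
        pool = [ipaddress.IPv4Address(i) for i in range(int(first), int(last) + 1)]
        shared = [i for i, net in cfg["inside"].items() if all(a in net for a in pool)]
        acl_ids = [a for m in cfg["nat_maps"] for a in cfg["route_maps"].get(m, [])]
        natted = [str(a) for a in pool
                  if any(acl_action(cfg["acls"].get(i, []), src, a) == "permit" for i in acl_ids)]
        report[name] = {"inside_interfaces": shared, "nat_selected": natted}
    return report

print(check_pool(CONFIG, "172.17.2.5"))  # sample inside host: the DNS/RADIUS server above
```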
About this solution

Zones: IPSec Security Protocol, Network Routers, Virtual Private Networking (VPN)
Tags: cisco, vpn, client, access, router
Solution Provided By: poweruser32
Participating Experts: 1
Solution Grade: B
 
 