access-list 101 permit ip 172.16.0.0 255.255.0.0 10.1.1.0 255.255.255.0
ip local pool ippool 10.1.1.1-10.1.1.80 mask 255.255.255.0
nat (inside) 0 access-list 101
aaa-server host protocol radius
aaa-server host (inside) host 172.16.10.1 Cisco12345 timeout 5
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap client authentication host
crypto map mymap interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
group-policy vpn3000 internal
group-policy vpn3000 attributes
dns-server value 172.16.10.1
default-domain value company.com
username vpn3000 password VPN2010 encrypted
tunnel-group DefaultRAGroup general-attributes
authentication-server-group (outside) host
tunnel-group vpn3000 type ipsec-ra
tunnel-group vpn3000 general-attributes
address-pool ippool
authentication-server-group vpn
default-group-policy vpn3000
tunnel-group vpn3000 ipsec-attributes
pre-shared-key Cisco12345
access-list split_tunnel_list standard permit 172.16.0.0 255.255.0.0
group-policy vpn3000 attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split_tunnel_list
tunnel-group vpn3000 general attributes
default-group-policy vpn3000
write mem or copy running-config startup-config
Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.
Comments (0)