Untitled

R2_3725#sh run
!
aaa authentication login default local
aaa authentication login AUTH-EZVPN local
aaa authorization exec default local
aaa authorization network AUTHOR-EZVPN local
!
ip vrf lan20
 description Traffic from VLAN20
!
crypto keyring Cust20-VPN vrf lan20
  pre-shared-key address 0.0.0.0 0.0.0.0 key Vasteras0
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group EZVPN-GRP20
 key Vasteras0
 pool EZVPN-POOL
 acl EZVPN-SPLIT-ACL
 netmask 255.255.255.0
!
crypto isakmp profile CUST20-IKE-PROF
   vrf lan20
   keyring Cust20-VPN
   match identity group EZVPN-GRP20
   client authentication list AUTH-EZVPN
   isakmp authorization list AUTHOR-EZVPN
   client configuration address respond
   client configuration group EZVPN-GRP20
!
crypto ipsec transform-set EZVPN-TS esp-3des esp-md5-hmac
!
crypto dynamic-map EZVPN-DMAP 10
 set transform-set EZVPN-TS
 set isakmp-profile CUST20-IKE-PROF
!
crypto map EZVPN 10 ipsec-isakmp dynamic EZVPN-DMAP
!
crypto ctcp port 10001 10002 10003
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip vrf forwarding lan20
 ip address 10.100.20.250 255.255.255.0
!
interface FastEthernet0/1
 ip address X.X.X.149 255.255.255.128
 duplex auto
 speed 100
 crypto map EZVPN
!
ip local pool EZVPN-POOL 172.20.1.10 172.20.1.250
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 X.X.X.129
ip route 10.100.20.0 255.255.255.0 FastEthernet0/0.20
ip route 192.168.11.0 255.255.255.0 FastEthernet0/0.1 10.100.1.1
ip route vrf lan10 172.30.1.0 255.255.255.0 FastEthernet0/1 X.X.X.129
ip route vrf lan20 0.0.0.0 0.0.0.0 X.X.X.129 global
ip route vrf lan20 172.30.2.0 255.255.255.0 X.X.X.129 global
!
ip access-list extended EZVPN-SPLIT-ACL
 permit ip 10.100.20.0 0.0.0.255 any log
 permit ip 10.100.10.0 0.0.0.255 any log
!
radius-server host 192.168.10.10 auth-port 1645 acct-port 1646
radius-server key 7 113F18160317190D177A