Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- R2_3725#sh run
- !
- aaa authentication login default local
- aaa authentication login AUTH-EZVPN local
- aaa authorization exec default local
- aaa authorization network AUTHOR-EZVPN local
- !
- ip vrf lan20
- description Traffic from VLAN20
- !
- crypto keyring Cust20-VPN vrf lan20
- pre-shared-key address 0.0.0.0 0.0.0.0 key Vasteras0
- !
- crypto isakmp policy 10
- encr 3des
- hash md5
- authentication pre-share
- group 2
- !
- crypto isakmp client configuration group EZVPN-GRP20
- key Vasteras0
- pool EZVPN-POOL
- acl EZVPN-SPLIT-ACL
- netmask 255.255.255.0
- !
- crypto isakmp profile CUST20-IKE-PROF
- vrf lan20
- keyring Cust20-VPN
- match identity group EZVPN-GRP20
- client authentication list AUTH-EZVPN
- isakmp authorization list AUTHOR-EZVPN
- client configuration address respond
- client configuration group EZVPN-GRP20
- !
- crypto ipsec transform-set EZVPN-TS esp-3des esp-md5-hmac
- !
- crypto dynamic-map EZVPN-DMAP 10
- set transform-set EZVPN-TS
- set isakmp-profile CUST20-IKE-PROF
- !
- crypto map EZVPN 10 ipsec-isakmp dynamic EZVPN-DMAP
- !
- crypto ctcp port 10001 10002 10003
- !
- interface FastEthernet0/0
- no ip address
- duplex auto
- speed auto
- !
- interface FastEthernet0/0.20
- encapsulation dot1Q 20
- ip vrf forwarding lan20
- ip address 10.100.20.250 255.255.255.0
- !
- interface FastEthernet0/1
- ip address X.X.X.149 255.255.255.128
- duplex auto
- speed 100
- crypto map EZVPN
- !
- ip local pool EZVPN-POOL 172.20.1.10 172.20.1.250
- ip forward-protocol nd
- ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 X.X.X.129
- ip route 10.100.20.0 255.255.255.0 FastEthernet0/0.20
- ip route 192.168.11.0 255.255.255.0 FastEthernet0/0.1 10.100.1.1
- ip route vrf lan10 172.30.1.0 255.255.255.0 FastEthernet0/1 X.X.X.129
- ip route vrf lan20 0.0.0.0 0.0.0.0 X.X.X.129 global
- ip route vrf lan20 172.30.2.0 255.255.255.0 X.X.X.129 global
- !
- ip access-list extended EZVPN-SPLIT-ACL
- permit ip 10.100.20.0 0.0.0.255 any log
- permit ip 10.100.10.0 0.0.0.255 any log
- !
- radius-server host 192.168.10.10 auth-port 1645 acct-port 1646
- radius-server key 7 113F18160317190D177A
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement