R2: sh run

R2_3725#sh run
!
hostname R2_3725
!
aaa new-model
!
aaa authentication login default local
aaa authentication login AUTH-EZVPN group radius local
aaa authorization exec default local
aaa authorization network AUTHOR-EZVPN local
!
ip vrf lan20
 description Traffic from VLAN20
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp client configuration group EZVPN-GRP20
 key Vasteras0
 pool EZVPN-POOL
 acl EZVPN-SPLIT-ACL
 netmask 255.255.255.0
!
crypto isakmp profile CUST20-IKE-PROF
   match identity group EZVPN-GRP20
   client authentication list AUTH-EZVPN
   isakmp authorization list AUTHOR-EZVPN
   client configuration address respond
   client configuration group EZVPN-GRP20
   virtual-template 20
!
crypto ipsec transform-set EZVPN-TS esp-3des esp-md5-hmac
!
crypto ipsec profile CUST20-IPSEC-PROF
 set transform-set EZVPN-TS
 set isakmp-profile CUST20-IKE-PROF
!
crypto ctcp port 10001 10002 10003
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip vrf forwarding lan20
 ip address 10.100.20.250 255.255.255.0
!
interface FastEthernet0/1
 ip address X.X.X.149 255.255.255.128
 duplex auto
 speed 100
!
interface Virtual-Template20 type tunnel
 ip vrf forwarding lan20
 ip unnumbered FastEthernet0/1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile CUST20-IPSEC-PROF
!
ip local pool EZVPN-POOL 172.20.1.10 172.20.1.250
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 X.X.X.129
ip route vrf lan20 0.0.0.0 0.0.0.0 FastEthernet0/1 X.X.X.129
ip route vrf lan20 172.30.2.0 255.255.255.0 FastEthernet0/1 X.X.X.129
!
ip access-list extended EZVPN-SPLIT-ACL
 permit ip 10.100.10.0 0.0.0.255 172.30.1.0 0.0.0.255 log
 permit ip 10.100.20.0 0.0.0.255 172.30.2.0 0.0.0.255 log
!
radius-server host 192.168.10.10 auth-port 1645 acct-port 1646
radius-server key 7 *****