Mobile

Friday, September 18, 2015

Remote Client VPN on Cisco 800 Router

Cisco Router 891, Cisco Remote VPN Client


!
! WAN uplink: carries the public address, is the NAT outside interface, and is
! where remote-access IPsec terminates (crypto map EXT_MAP is bound here).
! NOTE(review): no inbound "ip access-group" is shown on this interface, so any
! management service the router runs is reachable from the internet unless it
! is filtered elsewhere - confirm, and permit only IKE/IPsec plus what is needed.
interface GigabitEthernet0
 description ** WAN Internet Link ***
 ip address 38.93.235.182 255.255.255.128
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 crypto map EXT_MAP
!

! Inside LAN gateway (192.168.110.0/24) and NAT inside interface. This is the
! network that access-list 110 exposes to VPN clients.
interface Vlan1
 ip address 192.168.110.10 255.255.255.0
 ip nat inside
 ip virtual-reassembly in


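! Addresses handed to VPN clients; referenced by "pool" in the client
! configuration group. Kept outside the LAN subnet so it can be matched in ACLs.
ip local pool VPN_CLIENT_POOL 192.168.200.20 192.168.200.100
ip forward-protocol nd
!
! Management web UI: cleartext HTTP is turned off and HTTPS turned on, so
! management logins are not sent unencrypted.
! NOTE(review): also consider "ip http authentication local" and an
! "ip http access-class" ACL limiting who may reach the UI - confirm against
! how the router is managed.
no ip http server
ip http secure-server
! PAT for inside hosts selected by route-map NAT_INT (access-list 101).
ip nat inside source route-map NAT_INT interface GigabitEthernet0 overload
! Default route to the upstream gateway.
ip route 0.0.0.0 0.0.0.0 38.93.235.254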
!
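! access-list 101 selects traffic for NAT (matched by route-map NAT_INT).
! Order matters: the first entry exempts LAN -> VPN-pool traffic from NAT so it
! reaches clients with its real source address; the permits then NAT everything
! else from the inside networks.
! NOTE(review): 192.168.111.0-113.0/24 are not configured on any interface in
! this listing - presumably routed behind Vlan1; confirm. They have no NAT
! exemption toward the VPN pool and are not in access-list 110.
access-list 101 deny   ip 192.168.110.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 101 permit ip 192.168.110.0 0.0.0.255 any
access-list 101 permit ip 192.168.111.0 0.0.0.255 any
access-list 101 permit ip 192.168.112.0 0.0.0.255 any
access-list 101 permit ip 192.168.113.0 0.0.0.255 any
access-list 101 deny   ip any any
! access-list 110 is the split-tunnel list pushed to clients ("acl 110" in the
! client configuration group): only traffic for 192.168.110.0/24 is tunnelled,
! everything else leaves the client's own internet connection.
access-list 110 permit ip 192.168.110.0 0.0.0.255 192.168.200.0 0.0.0.255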
!
!
!
!
! Route-map used by the "ip nat inside source" statement: traffic permitted by
! access-list 101 is translated, traffic denied by it is left untranslated.
route-map NAT_INT permit 1
 match ip address 101
!
!

! AAA method lists used by the crypto map for remote-access VPN.
aaa new-model
!
!
! XAUTH (per-user VPN login) is checked against the local user database.
! NOTE(review): because the list is plain "local", every local username is a
! valid VPN login, including privileged ones - confirm that this is intended.
aaa authentication login ciscocp_vpn_xauth_ml_1 local
! Exec (shell) authorization also comes from the local database.
aaa authorization exec default local
! Group policy lookup for the VPN client group is local as well.
aaa authorization network ciscocp_vpn_group_ml_1 local
!
!
!
!
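! Local accounts. "secret" stores a one-way hash; "password 0" would keep the
! password readable in the configuration and in any backup of it.
! Replace the placeholder with a long, unique password - never a sample value.
! NOTE(review): where the IOS release supports it, prefer a stronger hash type
! than type 5 (MD5-based) - confirm on the target image.
username admin privilege 15 secret <STRONG_UNIQUE_PASSWORD>
! VPN (XAUTH) user; XXXXXXXX stands in for the stored type-5 hash.
username vpnuser secret 5 XXXXXXXX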

!
! IKE phase 1 proposal: 3DES encryption, pre-shared-key authentication,
! Diffie-Hellman group 2 (1024-bit), 3600-second SA lifetime.
! No "hash" line is set, so the platform default applies (presumably SHA-1 on
! this release - confirm with "show crypto isakmp policy").
! NOTE(review): 3DES and DH group 2 are legacy choices. Move to AES and a
! larger DH group where the VPN client supports them - confirm client support
! before changing, since both ends must agree on the proposal.
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
 lifetime 3600
!
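! Easy VPN group policy. The group name and key are what the client is
! configured with; the remaining lines are pushed to the client on connect.
! The key is a shared secret for every member of the group: use a long random
! value, never a sample or one derived from another password, because a short
! guessable group key weakens IKE authentication for all users.
! NOTE(review): the key is stored readable in the configuration unless
! pre-shared-key encryption is enabled on the router - confirm.
crypto isakmp client configuration group vpnuser
 key <LONG_RANDOM_GROUP_KEY>
 dns 8.8.8.8
 domain turbo.com
 pool VPN_CLIENT_POOL
 acl 110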
!

!
! IPsec (phase 2) protection: ESP with 3DES encryption and SHA HMAC integrity.
! NOTE(review): 3DES is a legacy cipher; prefer an AES transform where the
! client supports it - confirm before changing.
crypto ipsec transform-set TRANS_3DES_SHA esp-3des esp-sha-hmac
!
! Dynamic map: accepts peers whose address is not known in advance (remote
! clients) and applies the transform set above.
crypto dynamic-map EXT_DYNAMIC_MAP 10
 set transform-set TRANS_3DES_SHA
!
!
! Crypto map applied to GigabitEthernet0.
! Per-user XAUTH login uses the ciscocp_vpn_xauth_ml_1 AAA list.
crypto map EXT_MAP client authentication list ciscocp_vpn_xauth_ml_1
! Group policy is looked up through the ciscocp_vpn_group_ml_1 AAA list.
crypto map EXT_MAP isakmp authorization list ciscocp_vpn_group_ml_1
! The router answers client requests for an address (mode config).
crypto map EXT_MAP client configuration address respond
! Entry 10 hands negotiation to the dynamic map for remote clients.
crypto map EXT_MAP 10 ipsec-isakmp dynamic EXT_DYNAMIC_MAP
!
!
!