问Cisco中简单的公路战士IPv4 VPN配置

EN

aaa new-model

! Create a vpn-users DB that points to the local auth service
aaa authentication login vpn-users local
aaa authorization network vpn-users local

! any local user will be allowed to use the VPN
username fred secret 5 SECRET

! Create an ISAKMP policy that handles the ISAKMP negotiation process
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp keepalive 120 15
crypto isakmp xauth timeout 60

! Group policy for ISAKMP
crypto isakmp client configuration group default
 key PLAINTEXT_KEY
 dns LOCAL_DNS_SERVERS
 domain LOCAL_DOMAIN
 pool vpn-dynamic-pool

! VPN clients will be assigned addresses out of this pool
ip local pool vpn-dynamic-pool 192.168.2.1 192.168.2.254

! Create transform sets that specify how the actual IPSEC traffic will be encrypted
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA-LZS esp-aes esp-sha-hmac comp-lzs

! Create IPSEC policies - any negotiated transform scheme must be specified
! in the map below
crypto dynamic-map vpn-dynamic-map 1
 set transform-set ESP-AES-128-SHA-LZS
crypto dynamic-map vpn-dynamic-map 2
 set transform-set ESP-AES-128-SHA

! 
crypto map vpn-dynamic client authentication list vpn-users
crypto map vpn-dynamic client configuration address respond
crypto map vpn-dynamic isakmp authorization list vpn-users
crypto map vpn-dynamic 1 ipsec-isakmp dynamic vpn-dynamic-map

! Apply the IPSEC map to the external interface
interface ExternalInterface/0
 crypto map vpn-dynamic