
Thursday, November 17, 2011

! AAA method lists. They only take effect with "aaa new-model", which is not
! shown in this excerpt.
!
! WHOAMI: logins are checked against the local username database; "enable" is a
! fallback that is tried only when the local method returns an error, at which
! point the shared enable password becomes a login credential. WHOAMI is not
! referenced elsewhere in this excerpt - presumably applied to vty/console
! lines; confirm.
aaa authentication login WHOAMI local enable
! XAUTH (per-user) authentication for VPN clients against the local username
! database. Referenced by "crypto map CRYPTO_MAP client authentication list".
aaa authentication login sdm_vpn_xauth_ml_1 local
! Group policy lookup for VPN clients from the locally configured ISAKMP client
! group. Referenced by "crypto map CRYPTO_MAP isakmp authorization list".
aaa authorization network sdm_vpn_group_ml_1 local

! Remote-access (Easy VPN style) group policy pushed to clients that connect
! with the group name VPN_SALES.
crypto isakmp client configuration group VPN_SALES
! Group pre-shared key (redacted here). Every client in the group holds the same
! secret, so use a long random value and rotate it when a client device is lost
! or a user leaves; per-user XAUTH is the second factor, not a replacement.
key xxxxx
! DNS and WINS servers, and the default domain, handed to the client.
dns 202.188.1.5 202.188.0.133
wins 192.168.100.3
domain TEST.COM.MY
! Address pool for clients; the matching "ip local pool SDM_POOL_1 ..." line is
! not shown in this excerpt.
pool SDM_POOL_1
! Split-tunnel ACL: only traffic matching ACL 102 is sent through the tunnel.
! ACL 102 is not shown in this excerpt - confirm it exists and lists only the
! internal networks clients need.
acl 102
! At most two simultaneous sessions per user in this group.
max-logins 2
netmask 255.255.255.0


! IPsec (phase 2) proposal: ESP with 3DES encryption and HMAC-MD5 integrity.
! NOTE(review): both algorithms are legacy. Where the clients support it, prefer
! an AES transform with a SHA-based HMAC (for example "esp-aes 256 esp-sha-hmac").
! No "crypto isakmp policy" (phase 1) appears in this excerpt - confirm one is
! defined rather than relying on the platform default.
crypto ipsec transform-set TRANSFORMERS esp-3des esp-md5-hmac

! Dynamic crypto map template: used for peers whose address is not known in
! advance (remote-access clients).
crypto dynamic-map DYNAMIC 1
! Tear down security associations that have been idle for 1800 seconds.
set security-association idle-time 1800
! Offer/accept only the TRANSFORMERS proposal for these tunnels.
set transform-set TRANSFORMERS
! Reverse route injection: install a route to each connected client's address
! while its tunnel is up.
reverse-route


! Require XAUTH user authentication, using the sdm_vpn_xauth_ml_1 method list.
crypto map CRYPTO_MAP client authentication list sdm_vpn_xauth_ml_1
! Look up the client's group policy using the sdm_vpn_group_ml_1 method list.
crypto map CRYPTO_MAP isakmp authorization list sdm_vpn_group_ml_1
! Mode config: the router answers address requests initiated by the client.
crypto map CRYPTO_MAP client configuration address respond
! Bind the dynamic template at the highest sequence number, so that any static
! entries added with lower numbers are evaluated first.
crypto map CRYPTO_MAP 65535 ipsec-isakmp dynamic DYNAMIC

! Internet-facing PPP dialer interface; the VPN terminates here.
interface Dialer11
description CONNECT USING SDSL
ip address negotiated
! Inbound filter on the outside interface. ACL 101 is not shown in this excerpt.
! For the VPN to work it has to admit IKE (UDP 500, plus UDP 4500 when NAT-T is
! in use) and ESP to the router; keep everything else as narrow as possible.
ip access-group 101 in
! Hardening: do not send ICMP redirects or unreachables, and do not answer ARP
! on behalf of other hosts.
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip nat outside
! Stateful inspection (CBAC) of sessions leaving through this interface, so
! return traffic is admitted despite the inbound ACL. The SDM_LOW inspection
! rule is not shown in this excerpt.
ip inspect SDM_LOW out
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 11
! Idle timeout 0: the link is never dropped for inactivity.
dialer idle-timeout 0
! CDP disabled so device details are not advertised on the outside link.
no cdp enable
! NOTE(review): PAP sends the username and password to the peer unencrypted.
! Use CHAP instead if the provider supports it.
ppp authentication pap callin
ppp pap sent-username xxxx
! Apply the VPN crypto map to the outside interface.
crypto map CRYPTO_MAP


! PAT (overload) for inside hosts going out Dialer11, limited to traffic that
! the DENY_VPN_ALLOW route-map permits.
ip nat inside source route-map DENY_VPN_ALLOW interface Dialer11 overload

route-map DENY_VPN_ALLOW permit 1
match ip address 103

! NAT exemption: traffic from the 192.168.100.0/24 LAN to the addresses
! 172.16.1.10 - 172.16.1.20 is denied here, so it is NOT translated and can
! enter the tunnel with its real source address. Presumably these eleven hosts
! are the SDM_POOL_1 client range - verify, and keep this list in step with the
! pool, otherwise replies to a client outside the list get NATed and never
! match the tunnel.
access-list 103 deny ip 192.168.100.0 0.0.0.255 host 172.16.1.10
access-list 103 deny ip 192.168.100.0 0.0.0.255 host 172.16.1.11
access-list 103 deny ip 192.168.100.0 0.0.0.255 host 172.16.1.12
access-list 103 deny ip 192.168.100.0 0.0.0.255 host 172.16.1.13
access-list 103 deny ip 192.168.100.0 0.0.0.255 host 172.16.1.14
access-list 103 deny ip 192.168.100.0 0.0.0.255 host 172.16.1.15
access-list 103 deny ip 192.168.100.0 0.0.0.255 host 172.16.1.16
access-list 103 deny ip 192.168.100.0 0.0.0.255 host 172.16.1.17
access-list 103 deny ip 192.168.100.0 0.0.0.255 host 172.16.1.18
access-list 103 deny ip 192.168.100.0 0.0.0.255 host 172.16.1.19
access-list 103 deny ip 192.168.100.0 0.0.0.255 host 172.16.1.20
! Everything else from the LAN is translated to the Dialer11 address.
access-list 103 permit ip 192.168.100.0 0.0.0.255 any
