Cisco Cisco 4G LTE Enhanced High-Speed WAN Interface Cards for Europe
© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 49 of 63
acl 111
!
!
crypto ipsec transform-set set1 esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 1
set transform-set set1
!
!
crypto map dynmap isakmp authorization list hw-client-groupname
crypto map dynmap client configuration address respond
crypto map dynmap 1 ipsec-isakmp dynamic dynmap
!
!Easy VPN server side configuration. ACL 111 defines the allowed traffic to be
encrypted
encrypted
!from the ezvpn client and is negotiated during IPsec tunnel setup
!
interface GigabitEthernet0/0
ip address 128.107.248.243 255.255.255.224
ip nat outside
crypto map dynmap
!
!Crypto map is applied on the WAN interface of the server.
!
interface GigabitEthernet0/1
ip address 10.11.0.1 255.255.255.0
ip nat inside
!
ip local pool dynpool 10.11.0.50 10.11.0.100
!
!Define the local pool to give IP address to the remote ezvpn clients
!
ip nat inside source list 101 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 128.107.248.254
!
access-list 101 permit ip 13.1.1.0 0.0.0.255 any
access-list 111 permit ip 10.11.0.0 0.0.0.255 10.13.0.0 0.0.0.255
!