set aggressive-mode password ken
set aggressive-mode client-endpoint fqdn cisco2811
!
crypto ipsec transform-set NR500 esp-3des esp-md5-hmac
!
crypto dynamic-map DYN 10
set transform-set NR500
set pfs group5
match address 101
reverse-route
!
crypto map MAP client authentication list LOGIN
crypto map MAP 10 ipsec-isakmp dynamic DYN
!
track 1 interface FastEthernet0/0 line-protocol
!
interface Loopback0
ip address 192.168.50.1 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.111.254 255.255.255.0
ip nat outside
ip nat enable
ip virtual-reassembly
duplex full
no mop enabled
crypto map MAP
!
interface FastEthernet0/1
ip address 192.168.5.1 255.255.255.0
ip nat inside
ip nat enable
ip virtual-reassembly
duplex auto
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.111.1
ip nat inside source list 10 interface FastEthernet0/0 overload
!
ip access-list extended VPN
permit ip 192.168.50.0 0.0.0.255 192.168.6.0 0.0.0.255
!
access-list 10 permit 192.168.5.0 0.0.0.255
access-list 101 permit ip 192.168.50.0 0.0.0.255 192.168.6.0 0.0.0.255
line con 0
line vty 5 15
end
NOVUS AUTOMATION
136/165