Friday, March 30, 2007

[Cisco] Configuring a Cisco Router as a VPN/IPSec Server

I use the Cisco VPN Client to connect to a Cisco 7200 at IP x.x.x.x in order to use resources on the LAN.
Group = CISCO_GROUP
Group Password = cisco_group
Username = cisco
Password = cisco

aaa new-model
aaa authentication login vpn_authen local
aaa authorization network vpn_group_authen local
!
username cisco password cisco
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group CISCO_GROUP
key cisco_group
pool VPN_CLIENT_POOL
acl 102
!
crypto ipsec transform-set vpn_client esp-3des esp-sha-hmac
crypto ipsec df-bit clear
!
crypto dynamic-map dynmap 50
set transform-set vpn_client
reverse-route
!
crypto map vpn client authentication list vpn_authen
crypto map vpn isakmp authorization list vpn_group_authen
crypto map vpn client configuration address respond
crypto map vpn 50 ipsec-isakmp dynamic dynmap
!
interface FastEthernet0/0
description ## LAN ##
ip address 172.31.1.254 255.255.255.0
duplex half

!
interface Serial0/0
description ## Internet ##
ip address x.x.x.x y.y.y.y
crypto map vpn
!
ip local pool VPN_CLIENT_POOL 172.31.3.1 172.31.3.10
!
access-list 102 permit ip 172.31.1.0 0.0.0.255 172.31.3.0 0.0.0.255
!
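
An added example, not part of the original post: a small Python audit that parses a configuration like the one above and flags the settings a reviewer would question before production use (3DES for IKE and ESP, DH group 2, a `username ... password` line instead of `secret`, a password equal to the username, and a group key that matches the group name apart from case). The function name `audit_ios_vpn`, the rule names and the keyword list are assumptions made for this example; the sample text is a constructed copy of lines from the post.

```python
import re

# Excerpt of the post's config (constructed copy; indentation is lost, as on the page).
SAMPLE = """\
username cisco password cisco
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group CISCO_GROUP
key cisco_group
crypto ipsec transform-set vpn_client esp-3des esp-sha-hmac
"""

TOP_LEVEL = ("crypto ", "interface ", "username ", "aaa ", "access-list ")  # section starts (assumed)
WEAK_DH = {"1", "2", "5"}  # 768-, 1024- and 1536-bit MODP groups

def audit_ios_vpn(config):
    """Return (rule, detail) findings; sections are tracked by keyword, not indentation."""
    findings, section = [], ""
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line.startswith(TOP_LEVEL):
            section = line
        m = re.match(r"username (\S+) password (?:\d+ )?(\S+)", line)
        if m:
            findings.append(("USER_PASSWORD_NOT_SECRET", m.group(1)))
            if m.group(1) == m.group(2):
                findings.append(("PASSWORD_EQUALS_USERNAME", m.group(1)))
        if section.startswith("crypto isakmp policy"):
            m = re.match(r"encr(?:yption)? (des|3des)$", line)
            if m:
                findings.append(("WEAK_IKE_CIPHER", m.group(1)))
            m = re.match(r"group (\d+)$", line)
            if m and m.group(1) in WEAK_DH:
                findings.append(("WEAK_DH_GROUP", m.group(1)))
        grp = re.match(r"crypto isakmp client configuration group (\S+)", section)
        key = re.match(r"key (?:\d+ )?(\S+)", line)
        if grp and key and key.group(1).lower() == grp.group(1).lower():
            findings.append(("GROUP_KEY_MATCHES_NAME", grp.group(1)))
        m = re.match(r"crypto ipsec transform-set (\S+) (.+)", line)
        for t in (m.group(2).split() if m else []):
            if t in ("esp-des", "esp-3des"):
                findings.append(("WEAK_ESP_CIPHER", f"{m.group(1)}:{t}"))
    return findings

if __name__ == "__main__":
    print(*audit_ios_vpn(SAMPLE), sep="\n")
```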
