## aaa authentication and authorization
aaa authentication login userauth group radius local
aaa authorization network AUTH local

## phase 1 proposal
crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 2

crypto isakmp client configuration group XXXX   ; group name (VPN client)
 key XXXX                                       ; group key (VPN client)
 acl split-tunnel                               ; acl for split tunneling

crypto isakmp profile VPN
 match identity group main                      ; the client group above
 client authentication list userauth            ; aaa authentication
 isakmp authorization list AUTH                 ; aaa authorization
 client configuration address initiate
 client configuration address respond

## phase 2 proposal
crypto ipsec transform-set TRANSFORM esp-3des esp-sha-hmac

## client address pool
crypto isakmp client configuration address-pool local vpn-pool
ip local pool vpn-pool                          ; ip pool from-to

## dynamic map for crypto map
crypto dynamic-map MAP 1
 set transform-set TRANSFORM
 set isakmp-profile VPN

## mapping dynamic map to crypto map
crypto map INTMAP 10 ipsec-isakmp dynamic MAP

## set crypto map to outgoing interface
crypto map INTMAP

## acl for split tunneling
ip access-list extended split-tunnel
 permit ip from ip subnet to ip subnet
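
## added example: auditing the phase 1 and phase 2 proposals
The following is an added example, not part of the original configuration: a small Python check that reads an IOS configuration and reports weak phase 1 and phase 2 settings, run here on the proposals above (which pair AES-256 in phase 1 with 3DES in phase 2 and DH group 2). The function name `audit_ios_crypto` and the weak-setting lists are assumptions chosen for this example, not a Cisco tool or an official baseline.

```python
import re

# Constructed sample: the phase 1 and phase 2 lines of the configuration above.
SAMPLE_CONFIG = """\
crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 2
crypto ipsec transform-set TRANSFORM esp-3des esp-sha-hmac
"""

# Assumed review policy for this example; adjust to your own baseline.
WEAK_DH_GROUPS = {"1", "2", "5"}  # MODP groups below 2048 bits
WEAK_IKE_ENCR = {"des", "3des"}
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-null", "esp-md5-hmac", "ah-md5-hmac"}


def audit_ios_crypto(config: str) -> list[tuple[int, str, str]]:
    """Return (line number, offending text, reason) for each weak setting."""
    findings = []
    policy = None  # ISAKMP policy number while inside its sub-command block
    for lineno, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():
            # A top-level command ends any open policy block.
            m = re.fullmatch(r"crypto isakmp policy (\d+)", line)
            policy = m.group(1) if m else None
            m = re.match(r"crypto ipsec transform-set (\S+) (.+)", line)
            if m:
                for transform in m.group(2).split():
                    if transform in WEAK_TRANSFORMS:
                        findings.append((lineno, transform,
                                         f"weak transform in set {m.group(1)}"))
            continue
        words = line.split()
        if policy is None or len(words) < 2:
            continue
        # IOS abbreviates "encryption" to "encr"; accept either spelling.
        if words[0] in ("encr", "encryption") and words[1] in WEAK_IKE_ENCR:
            findings.append((lineno, line, f"weak IKE cipher in policy {policy}"))
        elif words[0] == "group" and words[1] in WEAK_DH_GROUPS:
            findings.append((lineno, line, f"DH group under 2048 bits in policy {policy}"))
    return findings


if __name__ == "__main__":
    for lineno, text, reason in audit_ios_crypto(SAMPLE_CONFIG):
        print(f"line {lineno}: {text!r}: {reason}")
```

The check relies on the indentation that `show running-config` produces to tell sub-commands from top-level commands, so run it on an indented configuration rather than a flattened one.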