syslog enable
syslog function all warning
!
hostname WA1512
!
username admin password plain admin administrator
!
http-username admin password plain admin administrator
!
!
!
ppp profile ppp-prof
  authentication request chap-pap
  user-list user1 password plain passuser1
  user-list user-free password plain passfree
  ipcp provide-remote-dns 192.168.10.254
  ipcp provide-ip-address range 192.168.20.1 3
  ipcp provide-static-ip-address user1 192.168.20.100
!
!
ip dhcp-server enable
ip dhcp-server profile default
  default-gateway auto
  dns-server auto
  subnet-mask auto
!
!
interface GigaEthernet1.0
  ip address 192.168.10.254/24
  proxy-arp enable
  ip dhcp-server binding default
  no shutdown
!
interface L2TPE0
  ip address unnumbered GigaEthernet1.0
  ip tcp adjust-mss auto
  ppp profile ppp-prof
  l2tp mode lns
  no shutdown
!
interface L2TPE1
  ip address unnumbered GigaEthernet1.0
  ip tcp adjust-mss auto
  ppp profile ppp-prof
  l2tp mode lns
  no shutdown
!
interface L2TPE2
  ip address unnumbered GigaEthernet1.0
  ip tcp adjust-mss auto
  ppp profile ppp-prof
  l2tp mode lns
  no shutdown
!
interface L2TPE3
  ip address unnumbered GigaEthernet1.0
  ip tcp adjust-mss auto
  ppp profile ppp-prof
  l2tp mode lns
  no shutdown
!
interface Loopback0.0
  ip address 127.0.0.1/8
  no shutdown
!
interface MobileEthernet0.0
  ip address dhcp
  ip tcp adjust-mss auto
  ipsec map ipsecprof0
  ipsec map ipsecprof1
  ipsec map ipsecprof2
  ipsec map ipsecprof3
  ip napt enable
  ip napt reserve udp 500
  ip napt reserve udp 4500
  ip napt reserve esp
  mobile id IP example.jp 
  mobile username user@example.com 
  mobile password plain example 
  auto-connect
  no shutdown
!
ip route default MobileEthernet0.0
!
proxy-dns ip enable
proxy-dns server default MobileEthernet0.0 dhcp
!
!
!
ike proposal ikeprop
  encryption-algorithm aes128-cbc
  authentication-algorithm hmac-sha1
  lifetime 28800
  dh-group 1024-bit
!
ike proposal ikeprop2
  encryption-algorithm aes256-cbc
  authentication-algorithm hmac-sha1
  lifetime 28800
  dh-group 1024-bit
!
ike policy ikepol1
  mode main
  dpd-keepalive enable ph1
  proposal ikeprop ikeprop2 
  pre-shared-key plain secret
  nat-traversal enable keepalive 20
!
!
ipsec proposal ipsecprop
  protocol esp enc-algo aes128-cbc aes256-cbc 3des-cbc auth-algo hmac-sha1-96
  lifetime 28800
!
ipsec policy ipsecpol
  proposal ipsecprop
!
ipsec profile ipsecprof0
  mode transport
  ipsec policy ipsecpol
  ike policy ikepol1
  source MobileEthernet0.0
  peer any
!
ipsec profile ipsecprof1
  mode transport
  ipsec policy ipsecpol
  ike policy ikepol1
  source MobileEthernet0.0
  peer any
!
ipsec profile ipsecprof2
  mode transport
  ipsec policy ipsecpol
  ike policy ikepol1
  source MobileEthernet0.0
  peer any
!
ipsec profile ipsecprof3
  mode transport
  ipsec policy ipsecpol
  ike policy ikepol1
  source MobileEthernet0.0
  peer any
!
!
!
!
https-server ip enable
https-server ip permit 192.168.10.0/24
https-server ip permit 192.168.20.0/24
https-server ip redirect enable
!
led vpn l2tp
!
!