hostname wa1512 ! username admin password plain admin administrator ! http-username admin password plain admin administrator ! ip dhcp-server enable ip dhcp-server profile default assignable-range 192.168.10.1 50 default-gateway auto dns-server auto subnet-mask auto ! ppp profile lns authentication request chap-pap user-list l2tp-user password plain l2tp-pass ipcp provide-remote-dns 192.168.10.254 ipcp provide-ip-address range 192.168.20.1 10 ! interface MobileEthernet0.0 ip address dhcp ip tcp adjust-mss auto ipsec map ipsecprof1 auto-connect ip napt enable ip napt reserve icmp ip napt reserve esp ip napt reserve udp 500 ip napt reserve udp 4500 mobile id IP example.jp mobile username user@example.com mobile password plain example no shutdown ! interface GigaEthernet1.0 ip address 192.168.10.254/24 proxy-arp enable ip dhcp-server binding default no shutdown ! interface L2TPE0 ip address 192.168.10.253/32 ip tcp adjust-mss auto ppp profile lns l2tp mode lns l2tp client-isolation enable no shutdown ! ip route default MobileEthernet0.0 ! proxy-dns ip enable proxy-dns server default MobileEthernet0.0 dhcp ! ike proposal ikeprop encryption-algorithm aes256-cbc authentication-algorithm hmac-sha1 lifetime 28800 dh-group 2048-bit ! ike proposal ikeprop2 encryption-algorithm aes256-cbc authentication-algorithm hmac-sha2-256 lifetime 28800 dh-group 1024-bit ! ike policy ikepol1 mode main dpd-keepalive enable ph1 20 3 proposal ikeprop ikeprop2 pre-shared-key plain secret nat-traversal enable keepalive 20 ! ipsec proposal ipsecprop protocol esp enc-algo des-cbc aes256-cbc auth-algo hmac-sha1-96 hmac-sha2-256 lifetime 28800 ! ipsec policy ipsecpol proposal ipsecprop ! ipsec profile ipsecprof1 mode transport ipsec policy ipsecpol ike policy ikepol1 source MobileEthernet0.0 peer any ! nm ip enable nm account example password plain testtest nm sitename example-office ! https-server ip enable https-server ip permit 192.168.10.0/24 https-server ip permit 192.168.20.0/24 https-server ip redirect enable ! led vpn l2tp !