IOS VPN Configuration

I needed to get a template for setting up client access VPN on some ISRs running IOS 12.4. The Cisco VPN Client will be installed and used for VPN access on the client machines.

Here is the rundown.
  • Private Network (10.1.0.0/16)
  • Public Interface (FastEthernet0/0)
  • Users to be authenticated using local user accounts
  • Using a shared key (mykey) and VPN Group (vpngroup)
  • Loopback interface used for VPN network (10.1.254.0/29) to support a max of 14 clients
  • Split Tunneling so users only use the VPN to access the private network (10.1.0.0/16) and use their existing internet connection for everything else.

! Local AAA: userauth authenticates VPN users, groupauth authorizes the VPN group
aaa new-model
aaa authentication login userauth local
aaa authorization network groupauth local
!
username myusername password 0 mypassword
!
! Loopback for the VPN network (255.255.255.240 is a /28 mask)
interface Loopback0
 description VPN
 ip address 10.1.254.1 255.255.255.240
!
! IKE phase 1 policy
crypto isakmp policy 1
 encryption 3des
 authentication pre-share
 group 2
!
! VPN group: shared key, client DNS/domain, address pool, split-tunnel ACL
crypto isakmp client configuration group vpngroup
 key mykey
 dns 4.2.2.2 4.2.2.3
 domain mydomain.com
 pool vpnpool
 acl 101
!
crypto ipsec transform-set vpn esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
 set transform-set vpn
 reverse-route
!
crypto map vpn-map client authentication list userauth
crypto map vpn-map isakmp authorization list groupauth
crypto map vpn-map client configuration address respond
crypto map vpn-map 10 ipsec-isakmp dynamic dynmap
!
! Apply the crypto map to the public interface
interface FastEthernet0/0
 crypto map vpn-map
!
ip local pool vpnpool 10.1.254.2 10.1.254.14
!
! Split tunnel: only traffic to 10.1.0.0/16 goes through the VPN
access-list 101 permit ip 10.1.0.0 0.0.255.255 any
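
An added example, not part of the original page: a short Python audit of the template above that flags its legacy crypto settings (3DES, HMAC-MD5, Diffie-Hellman group 2, a type 0 password) and checks the address pool against the loopback subnet. The embedded config is a constructed excerpt of the template, and the rule list is this example's own assumption rather than a Cisco tool.

```python
import ipaddress
import re

# Constructed sample: the crypto and addressing lines of the template above.
CONFIG = """\
username myusername password 0 mypassword
interface Loopback0
 ip address 10.1.254.1 255.255.255.240
crypto isakmp policy 1
 encryption 3des
 authentication pre-share
 group 2
crypto isakmp client configuration group vpngroup
 key mykey
 pool vpnpool
crypto ipsec transform-set vpn esp-3des esp-md5-hmac
ip local pool vpnpool 10.1.254.2 10.1.254.14
"""

# (pattern, finding) pairs. The rule set is this example's assumption, not a Cisco tool.
WEAK = [
    (r"^username \S+ password 0 ", "local password stored in cleartext (type 0)"),
    (r"^\s*encryption (des|3des)\b", "IKE policy encrypts with DES/3DES"),
    (r"^\s*group [12]$", "IKE Diffie-Hellman group is 768 or 1024 bits"),
    (r"\besp-(des|3des)\b", "IPsec transform encrypts with DES/3DES"),
    (r"\besp-md5-hmac\b", "IPsec transform authenticates with HMAC-MD5"),
]

def audit(text):
    """Return (line_number, line, finding) for every legacy setting found."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        for pattern, finding in WEAK:
            if re.search(pattern, line):
                findings.append((number, line.strip(), finding))
    return findings

def pool_report(text):
    """Compare the first 'ip address' subnet with the 'ip local pool' range."""
    ip, mask = re.search(r"^[ \t]*ip address (\S+) (\S+)", text, re.M).groups()
    network = ipaddress.ip_interface(f"{ip}/{mask}").network
    first, last = re.search(r"^ip local pool \S+ (\S+) (\S+)", text, re.M).groups()
    low, high = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return {"network": str(network),
            "pool_size": int(high) - int(low) + 1,
            "pool_inside": low <= high and low in network and high in network}

if __name__ == "__main__":
    for number, line, finding in audit(CONFIG):
        print(f"line {number}: {line!r}: {finding}")
    print(pool_report(CONFIG))
```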