hostname c2680
aaa new-model
aaa authentication login VPNAUTH local
aaa authorization network VPNAUTH local
!
username user1 password 0 qweasd
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
crypto isakmp keepalive 30 5
!
crypto isakmp client configuration group grupa1
 key qwerty
 pool VPNUSERS
 acl 101
!
crypto ipsec transform-set TRANSFORM esp-3des esp-sha-hmac
crypto dynamic-map mymap 10
 set transform-set TRANSFORM
 reverse-route
!
crypto map mymap client authentication list VPNAUTH
crypto map mymap isakmp authorization list VPNAUTH
crypto map mymap client configuration address respond
crypto map mymap 10 ipsec-isakmp dynamic mymap
!

interface FastEthernet0/0
 ip address 83.19.73.234 255.255.255.248
 ip nat outside
 crypto map mymap
!
interface FastEthernet0/1
 ip address 192.168.200.1 255.255.255.0
 ip nat inside
!

ip local pool VPNUSERS 192.168.168.1 192.168.168.62
ip nat inside source list 100 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 83.19.73.233

access-list 100 deny   ip 192.168.200.0 0.0.0.255 192.168.168.0 0.0.0.63
access-list 100 permit ip 192.168.200.0 0.0.0.255 any
access-list 101 permit ip 192.168.168.0 0.0.0.63 192.168.200.0 0.0.0.255
access-list 101 permit ip 192.168.200.0 0.0.0.255 192.168.168.0 0.0.0.63
