Here are the important pieces of the puzzle…
Router:
aaa new-model
!
! Default logins and VPN user (Xauth) logins are authenticated against RADIUS
aaa authentication login default group radius
aaa authentication login userauthen group radius
! VPN group authorization uses the local group definition below
aaa authorization network groupauthor local
!
aaa session-id common
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group vpnclient
 key remote
 dns 10.0.0.10
 domain techish.net
 pool ippool
 acl 105
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10
 set transform-set myset
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
interface FastEthernet0/1
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 duplex auto
 speed auto
 crypto map clientmap
!
ip radius source-interface FastEthernet0/1
!
! Split tunnel VPN traffic
access-list 105 permit ip 10.0.0.0 0.0.0.255 172.16.0.0 0.0.0.255
radius-server host 10.147.204.12 auth-port 1645 acct-port 1646 key cisco
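The pieces above only fit together if every named object a line points at (AAA lists, transform set, dynamic map, address pool, ACL, crypto map) is defined somewhere in the config. The following Python check is an added example, not part of the original post: the function name and rule table are my own, it runs on the reference-bearing lines of the router config above, and it reports `ippool` because the excerpt does not show an `ip local pool` line.

```python
import re

# (kind, pattern that defines the object, pattern that references it)
RULES = [
    ("authn-list", r"aaa authentication login (\S+)", r"crypto map \S+ client authentication list (\S+)"),
    ("authz-list", r"aaa authorization network (\S+)", r"crypto map \S+ isakmp authorization list (\S+)"),
    ("transform-set", r"crypto ipsec transform-set (\S+)", r"\s+set transform-set (\S+)"),
    ("dynamic-map", r"crypto dynamic-map (\S+)", r"crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)"),
    ("crypto-map", r"crypto map (\S+)", r"\s+crypto map (\S+)$"),
    ("pool", r"ip local pool (\S+)", r"\s+pool (\S+)"),
    ("acl", r"access-list (\d+)", r"\s+acl (\d+)"),
]

def unresolved_refs(config):
    """Return sorted (kind, name) pairs that are referenced but never defined."""
    defined, used = set(), set()
    for line in config.splitlines():
        line = line.rstrip()  # keep leading indent: it marks sub-commands
        for kind, def_pat, ref_pat in RULES:
            if m := re.match(def_pat, line):
                defined.add((kind, m.group(1)))
            if m := re.match(ref_pat, line):
                used.add((kind, m.group(1)))
    return sorted(used - defined)

# Reference-bearing lines taken from the router config on this page.
PAGE_CONFIG = """\
aaa authentication login userauthen group radius
aaa authorization network groupauthor local
crypto isakmp client configuration group vpnclient
 pool ippool
 acl 105
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10
 set transform-set myset
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
interface FastEthernet0/1
 crypto map clientmap
access-list 105 permit ip 10.0.0.0 0.0.0.255 172.16.0.0 0.0.0.255
"""

if __name__ == "__main__":
    print(unresolved_refs(PAGE_CONFIG))  # [('pool', 'ippool')]
```

Running it against the full `show running-config` output instead of the excerpt should return an empty list once the pool definition is included.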
Windows Server 2003 IAS:
Screenshots soon…