


    Cisco VPN client (Easy VPN)


!
username /username/ secret ******
!
aaa new-model
!
! Xauth logins are checked against the local username database
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
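! IKE phase 1: AES-256, pre-shared group key, DH group 2 (1024-bit MODP);
! no hash is set, so the IOS default applies
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2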
!
crypto isakmp client configuration address-pool local cisco_client_pool
!
crypto isakmp client configuration group /groupname/
 key ******
 dns 1.1.1.1
 domain kb.local
 pool cisco_client_pool
 acl 150
!
crypto ipsec security-association lifetime seconds 10980
!
! The transform set is defined before the dynamic map that references it
crypto ipsec transform-set KBSET esp-aes 256 esp-sha-hmac
crypto ipsec df-bit clear
!
crypto dynamic-map dynmap 10
 set transform-set KBSET
 reverse-route
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap 
!      
ip local pool cisco_client_pool 192.168.2.10 192.168.2.20
!
access-list 150 remark ------- Split Tunnel Cisco VPN Client -------
access-list 150 permit ip 192.168.1.0 0.0.0.255 any
access-list 150 remark ------- Split Tunnel Cisco VPN Client -------  
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.1.1 255.255.255.0
 ip nat inside  
!
interface Dialer1
 ip access-group Input-Traf1 in
 ip nat outside
 crypto map clientmap
 ...
!
! NAT exemption: LAN traffic to the VPN client pool must not be translated
ip access-list extended NAT
 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
!   
ip nat inside source list NAT interface Dialer1 overload
!
ip access-list extended Input-Traf1
 remark -------- TRAF LIST ---------
 permit esp any any
 permit udp any any eq isakmp
 permit udp any any eq non500-isakmp 
 permit tcp any any eq 2222 log
 permit icmp any any unreachable
 permit icmp any any echo-reply
 permit icmp any any packet-too-big
 permit icmp any any time-exceeded
 permit icmp any any traceroute
 permit icmp any any echo
 deny   ip any any
 remark -------- TRAF LIST ---------
!