How to time-out vpdn sessions and add access list filtering

Discussion in 'Cisco' started by Jaime, Dec 18, 2004.

  1. Jaime

    Jaime Guest

    Hi all

    I have set up my C1760 IPSec to accept "dial-in" from MS VPN clients.

    I would like to know:

    1) How to add an access list control? Where can I add the "match
    address" statement?

    2) Is there a way to time-out the connected users in order to drop
    their connection after a non-traffic delay?

    If it helps, the config I use follows.

    Thanks

    Jaime


    version 12.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Ep_
    !
    logging buffered 51200 warnings
    enable password 7 XXXXXXXX
    !
    username XXXX password 0 xxxx
    aaa new-model
    !
    !
    aaa authentication login VPNAUTHEN local
    aaa authentication ppp TLlist local
    aaa authorization network VPNAUTHOR local
    aaa session-id common
    ip subnet-zero
    !
    !
    no ip domain lookup
    !
    !
    ip cef
    ip audit notify log
    ip audit po max-events 100
    vpdn enable
    !
    vpdn-group grpTL
    ! Default PPTP VPDN group
    accept-dialin
    protocol pptp
    virtual-template 1
    !
    no ftp-server write-enable
    !
    !
    interface FastEthernet0/0
    description $ETH-LAN$$ETH-SW-LAUNCH$
    ip address xXx.XxX.xXx.x 255.255.255.248
    no ip redirects
    no ip proxy-arp
    speed 100
    full-duplex
    no cdp enable
    !
    interface Virtual-Template1
    ip unnumbered FastEthernet0/0
    peer default ip address pool TLpool
    ppp encrypt mppe auto required
    ppp authentication ms-chap ms-chap-v2 TLlist
    !
    !
    ip local pool TLpool 192.168.57.1 192.168.57.10
    ip classless
    ip route 0.0.0.0 0.0.0.0 XxX.XxX.X.X
    ip route 172.16.89.0 255.255.255.0 XxX.XxX.X.X
    ip route 192.168.28.0 255.255.255.0 XxX.XxX.X.X
    ip route 192.168.101.0 255.255.255.0 XxX.XxX.X.X
    ip route XxX.XxX.X.X 255.255.255.255 XxX.XxX.X.X
    no ip http server
    no ip http secure-server
    !
    !
    !
    ip access-list extended addr-pool
    ip access-list extended dns-servers
    ip access-list extended firewall
    ip access-list extended group-lock
    ip access-list extended idletime
    ip access-list extended inacl
    ip access-list extended include-local-lan
    ip access-list extended key-exchange
    ip access-list extended protocol
    ip access-list extended save-password
    ip access-list extended service
    ip access-list extended timeout
    ip access-list extended tty6
    ip access-list extended tty7
    ip access-list extended tunnel-password
    ip access-list extended wins-servers
    no cdp run
    !
    !
    line con 0
    line aux 0
    line vty 0 4
    access-class 22 in
    exec-timeout 120 0
    logging synchronous
    login authentication xxxx
    transport input telnet
    line vty 5 15
    access-class 11 in
    privilege level 15
    transport input telnet ssh
    !
     
    Jaime, Dec 18, 2004
    #1