How to time out VPDN sessions and add access-list filtering

Discussion in 'Cisco' started by Jaime, Dec 18, 2004.


    Hi all

    I have set up my C1760 IPSec to accept "dial-in" from MS VPN clients.

    I would like to know:

    1) How to add an access-list control? Where can I add the "match
    address" statement?

    2) Is there a way to time out the connected users in order to drop
    their connection after a non-traffic delay?

    If it helps, the config I use follows.



    version 12.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname Ep_
    logging buffered 51200 warnings
    enable password 7 XXXXXXXX
    username XXXX password 0 xxxx
    aaa new-model
    aaa authentication login VPNAUTHEN local
    aaa authentication ppp TLlist local
    aaa authorization network VPNAUTHOR local
    aaa session-id common
    ip subnet-zero
    no ip domain lookup
    ip cef
    ip audit notify log
    ip audit po max-events 100
    vpdn enable
    vpdn-group grpTL
    ! Default PPTP VPDN group
    protocol pptp
    virtual-template 1
    no ftp-server write-enable
    interface FastEthernet0/0
    description $ETH-LAN$$ETH-SW-LAUNCH$
    ip address xXx.XxX.xXx.x
    no ip redirects
    no ip proxy-arp
    speed 100
    no cdp enable
    interface Virtual-Template1
    ip unnumbered FastEthernet0/0
    peer default ip address pool TLpool
    ppp encrypt mppe auto required
    ppp authentication ms-chap ms-chap-v2 TLlist
    ip local pool TLpool
    ip classless
    ip route XxX.XxX.X.X
    ip route XxX.XxX.X.X
    ip route XxX.XxX.X.X
    ip route XxX.XxX.X.X
    ip route XxX.XxX.X.X XxX.XxX.X.X
    no ip http server
    no ip http secure-server
    ip access-list extended addr-pool
    ip access-list extended dns-servers
    ip access-list extended firewall
    ip access-list extended group-lock
    ip access-list extended idletime
    ip access-list extended inacl
    ip access-list extended include-local-lan
    ip access-list extended key-exchange
    ip access-list extended protocol
    ip access-list extended save-password
    ip access-list extended service
    ip access-list extended timeout
    ip access-list extended tty6
    ip access-list extended tty7
    ip access-list extended tunnel-password
    ip access-list extended wins-servers
    no cdp run
    line con 0
    line aux 0
    line vty 0 4
    access-class 22 in
    exec-timeout 120 0
    logging synchronous
    login authentication xxxx
    transport input telnet
    line vty 5 15
    access-class 11 in
    privilege level 15
    transport input telnet ssh
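Added example (an editor's addition, not part of Jaime's post or of any reply in the thread): the two things asked for, written as IOS configuration for the PPTP/MPPE setup posted above. In a PPTP VPDN deployment every client session is cloned from the Virtual-Template interface as a Virtual-Access interface, so traffic coming in from dialed-in users is filtered with an ip access-group on the template; a crypto-map "match address" statement only exists inside IPsec crypto maps, and the posted config has none. The idle disconnect is the PPP idle timer on the same interface. Only the sections that change are shown; the rest of the posted config stays as it is. The ACL name VPN-IN, the 10.0.0.0/24 client pool, the 10.0.1.x server addresses and the 600-second timer are assumptions chosen for the example, not values from the thread.

```cisco
! Added example, not from the original post. Pool range, VPN-IN, the
! 10.0.1.x hosts and the 600 s timer are assumptions for illustration.
!
! Addresses handed out to PPTP clients (the posted pool had its range
! masked; this range is hypothetical).
ip local pool TLpool 10.0.0.100 10.0.0.120
!
! Filter for traffic entering the router FROM a connected client.
! Anything not permitted here is dropped by the implicit deny at the end;
! the explicit deny only adds logging of what was blocked.
ip access-list extended VPN-IN
 remark clients may reach the file server (SMB) and the DNS server only
 permit tcp 10.0.0.96 0.0.0.31 host 10.0.1.10 eq 445
 permit udp 10.0.0.96 0.0.0.31 host 10.0.1.53 eq domain
 deny   ip any any log
!
! PPTP dial-in group, as in the posted config
vpdn enable
vpdn-group grpTL
 accept-dialin
  protocol pptp
  virtual-template 1
!
interface Virtual-Template1
 ip unnumbered FastEthernet0/0
 ! applied to every Virtual-Access interface cloned from this template
 ip access-group VPN-IN in
 peer default ip address pool TLpool
 ppp encrypt mppe auto required
 ppp authentication ms-chap ms-chap-v2 TLlist
 ! drop the PPP session after 600 seconds with no traffic
 ppp timeout idle 600
```

Two caveats worth checking on the box. First, an access list that has no entries (or that does not exist) permits everything when it is applied with ip access-group, so the filter must contain its permit and deny lines before it is attached; the named lists addr-pool, dns-servers, idletime and so on in the posted config are all empty and would not block anything if applied. The same applies to ACLs 11 and 22 referenced by access-class on the vty lines, which do not appear in the post. Second, the PPP idle timer is reset by any packet on the session, and a Windows client tends to keep sending NetBIOS and browser traffic, so a session may never be "idle" as far as the router is concerned. Use show vpdn session to watch which sessions stay up and show ip access-lists VPN-IN to see the per-entry match counters and confirm the filter is actually being hit.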