crypto-local pki TrustedCA CompanyX_Root ca_root.cer crypto-local pki IntermediateCA CompanyX_Intermediate intermediate_CompanyX.cer crypto-local pki ServerCert CompanyX_Aruba aruba.cer crypto-local pki rcp "CompanyX_Intermediate" revocation-check none ! crypto-local pki rcp "CompanyX_Root" revocation-check none ! ip NAT pool dynamic-srcnat 0.0.0.0 0.0.0.0 ip access-list session VIAVPN any any any permit ! user-role CompanyX_VIAVPN pool l2tp CompanyX-VIA_VPAN via "VIAVPN" access-list session VIAVPN ! interface vlan 22 ip address 172.20.22.254 255.255.255.0 ! crypto isakmp key "******" address 0.0.0.0 netmask 0.0.0.0 crypto-local isakmp server-certificate "CompanyX_Aruba" crypto-local isakmp ca-certificate "CompanyX_Root" crypto ipsec transform-set default-boc-bm-transform esp-3des esp-sha-hmac crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac crypto ipsec transform-set default-aes esp-aes256 esp-sha-hmac crypto dynamic-map default-dynamicmap 10000 set transform-set "default-transform" "default-aes" ! crypto-local isakmp certificate-group server-certificate "CompanyX_Aruba" ca-certificate "CompanyX_Root" crypto isakmp groupname CompanyXvpn crypto isakmp eap-passthrough eap-tls crypto isakmp eap-passthrough eap-peap crypto isakmp eap-passthrough eap-mschapv2 ip local pool "CompanyX-VIA_VPAN" 172.20.22.50 172.20.22.253 vpdn group l2tp client configuration dns XXXX XXXXX no ppp authentication PAP ppp authentication MSCHAP ppp authentication MSCHAPv2 ppp authentication EAP ! aaa authentication-server radius "Radius02" host "X.X.X.X" key 63069cd7c6d3201eb740eb7a8448c1e7caff4003d332d1bb79561fcedd700c85b181a6a75860b85d079f970eb7041c33be2e17b46bf1edf601666f9e78fee5bf53b9b7731644ef4222fce6d67147929e ! aaa server-group "default" auth-server Internal set role condition role value-of ! aaa server-group "CompanyX_VIAVPN" auth-server Radius02 ! aaa authentication via connection-profile "default" server addr "X.X.X.X" internal-ip 172.20.1.1 desc "VIA Server" position 0 tunnel address 172.20.0.0 netmask 255.255.0.0 ikev2auth eap-tls dns-suffix-list "XX" ! aaa authentication via connection-profile "VIAVPN" server addr "X.X.X.X" internal-ip 172.20.1.1 desc "VIA VPN" position 0 auth-profile "VIAVPN" position 0 tunnel address 172.20.0.0 netmask 255.255.0.0 ikev2-policy "10007" ikev2-proto auto-launch-supplicant no validate-server-cert dns-suffix-list "XX" support-email "XX" ! aaa authentication via web-auth "default" auth-profile "VIAVPN" position 0 ! aaa authentication stateful-dot1x ! aaa authentication via auth-profile "default" default-role "CompanyX_VIAVPN" server-group "CompanyX - Netwerk_srvgrp-hes66" desc "VIA VPN" ! aaa authentication via auth-profile "VIAVPN" default-role "CompanyX_VIAVPN" server-group "CompanyX_VIAVPN" no cert-cn-lookup ! aaa authentication wired ! web-server switch-cert "CompanyX_Aruba" captive-portal-cert "CompanyX_Aruba" !