ip local pool 1c-admin 10.10.13.9 10.10.13.14 crypto isakmp client configuration group 1c-admin key XXXXXXXXXXXXXXXXXXXXX pool 1c-admin acl buh-admin-access save-password include-local-lan crypto isakmp profile 1c-admin-isakmp description --1c-admin-- match identity group 1c-admin client authentication list Userlist isakmp authorization list groupauthor client configuration address respond virtual-template 4 crypto ipsec profile 1c-admin-ezvpn set transform-set aes-sha aes256-sha set isakmp-profile 1c-admin-isakmp crypto dynamic-map IPSEC 97 set transform-set aes256-sha set isakmp-profile 1c-admin-isakmp reverse-route interface Virtual-Template4 type tunnel ip unnumbered GigabitEthernet0/0 ip nat inside ip virtual-reassembly in tunnel mode ipsec ipv4 tunnel protection ipsec profile 1c-admin-ezvpn ip access-list extended buh-admin-access permit tcp host 192.168.170.5 10.10.13.8 0.0.0.7 eq 139 445 domain permit udp host 192.168.170.5 10.10.13.8 0.0.0.7 eq domain permit tcp host 192.168.170.6 10.10.13.8 0.0.0.7 eq 139 445 1433 3389 permit tcp host 192.168.170.6 10.10.13.8 0.0.0.7 range 1540 1591 permit tcp host 192.168.170.11 10.10.13.8 0.0.0.7 eq domain 135 137 138 139 445 389 636 3268 permit tcp host 192.168.170.11 10.10.13.8 0.0.0.7 eq 3269 88 1512 42 permit udp host 192.168.170.11 10.10.13.8 0.0.0.7 eq 135 netbios-ns netbios-dgm 445 389 88 domain 1512 nameserver interface GigabitEthernet0/0 description PrimaryLAN ip address 192.168.170.1 255.255.255.0 ip directed-broadcast ip nat inside ip virtual-reassembly in duplex auto speed auto end