Friday, June 19, 2009

EZVPN Client and server

In this example the head office EZVPN LAN is 10.1.1.0/24 and the remote office LAN is 10.101.1.0/24.


-----10.1.1.0/24----ASA(EZVPN server)-----internet-----Cisco 800-----10.101.1.0/24

EZVPN server : Cisco ASA 5510


group-policy EASYVPNGroupPolicy internal
group-policy EASYVPNGroupPolicy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
password-storage enable
ip-comp disable
re-xauth disable
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelspecified
split-tunnel-network-list value EASYVPN_splitTunnelAcl
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout none
ip-phone-bypass disable
leap-bypass disable
nem enable
backup-servers keep-client-config

access-list EASYVPN_splitTunnelAcl extended permit ip 10.1.1.0 255.255.255.0 any

tunnel-group EASYVPNProfile type remote-access
tunnel-group EASYVPNProfile general-attributes
default-group-policy EASYVPNGroupPolicy
tunnel-group EASYVPNProfile ipsec-attributes
pre-shared-key *

crypto ipsec transform-set TRANS esp-3des esp-md5-hmac

crypto dynamic-map easyvpn 100 set transform-set TRANS
crypto dynamic-map easyvpn 100 set security-association lifetime seconds 28800
crypto dynamic-map easyvpn 100 set security-association lifetime kilobytes 4608000
crypto dynamic-map easyvpn 100 set reverse-route

crypto map outside_map 100 ipsec-isakmp dynamic easyvpn
crypto map outside_map interface outside


crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400




EZVPN Client: Cisco 800 series router

Building configuration...

Current configuration : 4899 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname router800
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip domain lookup
!
!
!
username abc privilege 15 secret xyz

!
!
!
crypto ipsec transform-set aes-sha esp-aes esp-sha-hmac
!
crypto ipsec client ezvpn ASA
connect auto
group EASYVPNProfile key ezvpn
mode network-extension
peer X.X.X.X
!!! this username and password have to be configured on the ASA
username ezvpnclient1 password ezvpn
xauth userid mode local
!
archive
log config
hidekeys
!
!
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no atm ilmi-keepalive
pvc 8/35
pppoe-client dial-pool-number 1
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description LAN Interface
ip address 10.101.1.1 255.255.255.0
ip virtual-reassembly
ip tcp adjust-mss 1452
crypto ipsec client ezvpn ASA inside
!
interface Dialer0
description Connected to Internet
ip address negotiated
ip mtu 1492
ip virtual-reassembly
encapsulation ppp
dialer pool 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname username
ppp chap password password
ppp pap sent-username username password password
crypto ipsec client ezvpn ASA
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list Nat interface Dialer0 overload
!
ip access-list extended Nat
deny ip 10.101.1.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip 10.101.1.0 0.0.0.255 any
!
no cdp run
!
!
!
control-plane
!
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end

Sunday, May 10, 2009

How to search AD for a particular email address.

Open Active Directory Users and Computers, right-click the domain and select Search. In the Find field, open the drop-down and select Custom Search. If you have multiple domains, make sure the In field is set to Entire Directory. Click the Advanced tab and enter the following LDAP query, followed by the address you are looking for: proxyaddresses=smtp:. Click Find Now; if the email address is in use, the search shows the user account that holds it.
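The same lookup done programmatically, as an added example that is not from the original post: it builds the proxyAddresses filter in standard RFC 4515 form (with the value escaped so an address containing parentheses or a backslash cannot change the filter's structure) and checks it against a constructed sample of directory objects, matching case-insensitively the way AD does, so both the primary (SMTP:) and secondary (smtp:) addresses are found. The sample DNs and addresses are made up for the example.

```python
# Added example (not from the original post): build the proxyAddresses LDAP
# filter the post describes and evaluate it against constructed sample data.

def escape_ldap_value(value: str) -> str:
    """RFC 4515 escaping for a value placed inside an LDAP search filter.
    The characters ( ) * \\ and NUL become \\XX hex escapes, so a caller-
    supplied address cannot inject extra filter terms or wildcards."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )

def proxyaddress_filter(address: str) -> str:
    """Exact-match filter for one SMTP address, i.e. the post's
    'proxyaddresses=smtp:<address>' query in parenthesised filter form."""
    return "(proxyAddresses=smtp:%s)" % escape_ldap_value(address)

# Constructed sample objects. Exchange stores the primary address with an
# uppercase 'SMTP:' prefix and secondary addresses with lowercase 'smtp:';
# other address types (X400, sip) share the same multi-valued attribute.
SAMPLE_DIRECTORY = {
    "CN=Alice Smith,OU=Users,DC=example,DC=com": [
        "SMTP:alice@example.com",
        "smtp:a.smith@example.com",
        "X400:c=US;a= ;p=Example;o=Exchange;s=Smith;g=Alice;",
    ],
    "CN=Bob Jones,OU=Users,DC=example,DC=com": [
        "SMTP:bob@example.com",
        "sip:bob@example.com",
    ],
    "CN=Sales,OU=Shared Mailboxes,DC=example,DC=com": [
        "SMTP:sales@example.com",
        "smtp:info@example.com",
    ],
}

def entry_matches(values, address: str) -> bool:
    """AD compares proxyAddresses case-insensitively, so the smtp: filter
    matches the primary SMTP: value as well as secondary smtp: values."""
    wanted = "smtp:" + address.lower()
    return any(v.lower() == wanted for v in values)

def find_owner(directory, address: str):
    """Return the DNs of every object whose proxyAddresses holds the address.
    More than one DN means the address is in use on multiple objects."""
    return [dn for dn, vals in directory.items() if entry_matches(vals, address)]
```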