Kingsley, I labbed your case and it worked, my scheme:
ACS--10.0.0.0/24---R2---136.1.23.0/24----R3---136.1.100.0----PC

Configs:
RIP between R2&R3
Default route on ACS to R2
Default route on PC to R3

R3 config:

Rack1R3(config)#do sh run | s aaa|crypto
aaa new-model
aaa authentication login con none
aaa authentication login vty line
aaa authentication login ezvpn local
aaa authorization network ezvpn local
aaa session-id common
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp client configuration group DHCP
 key cisco
 dns 10.0.0.100
 domain INE.com
 acl ezacl
 dhcp server 10.0.0.100
 dhcp giaddr 20.0.0.10
crypto isakmp profile isapro1
 match identity group DHCP
 client authentication list ezvpn
 isakmp authorization list ezvpn
 client configuration address respond
 client configuration group DHCP
 virtual-template 1
crypto ipsec transform-set ezset esp-3des esp-md5-hmac
crypto ipsec profile ipspro1
 set transform-set ezset
 set reverse-route tag 100
 set isakmp-profile isapro1
!
interface Loopback1
 ip address 20.0.0.10 255.255.255.0
!
router rip
 redistribute connected
!
ip access-list extended ezacl
 permit ip 10.0.0.0 0.0.0.255 any
!
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet0/1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile ipspro1

ACS's IP 10.0.0.100, DHCP zone configured on it 20.0.0.1-20.0.0.254, excluded addresses 20.0.0.1-20.0.0.10

PC client received IP 20.0.0.11 & I see it allocated in DHCP console.

--
Best regards,
Andrey
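Added example (not part of Andrey's post): a Python check of what the DHCP-based address assignment above depends on, namely that the dhcp giaddr is an address the router owns, that the server's scope lies in that address's subnet, and that the giaddr itself is excluded from leasing. The function names and the scope/excluded parameters are assumptions, and the sample config is constructed from lines in the post.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the R3 configuration in the post.
CONFIG = """\
crypto isakmp client configuration group DHCP
 dhcp server 10.0.0.100
 dhcp giaddr 20.0.0.10
interface Loopback1
 ip address 20.0.0.10 255.255.255.0
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet0/1
"""

def interface_addresses(config):
    """Return {interface name: ip_interface} for each 'ip address A M' line."""
    found, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):          # a new top-level section begins
            m = re.match(r"interface (\S+)", line)
            current = m.group(1) if m else None
            continue
        m = re.match(r"\s+ip address (\S+) (\S+)", line)
        if m and current:
            found[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return found

def check_giaddr(config, scope, excluded):
    """scope and excluded are (first, last) address pairs as set on the DHCP
    server (hypothetical parameters). Returns a list of problems; [] is good."""
    m = re.search(r"^\s+dhcp giaddr (\S+)", config, re.M)
    if not m:
        return ["no 'dhcp giaddr' in the client configuration group"]
    giaddr = ipaddress.ip_address(m.group(1))
    lo, hi = map(ipaddress.ip_address, scope)
    ex_lo, ex_hi = map(ipaddress.ip_address, excluded)
    problems = []
    owners = [i for i in interface_addresses(config).values() if i.ip == giaddr]
    if not owners:
        # The server unicasts its reply to giaddr, so the router must own it.
        problems.append(f"{giaddr} is not an address on any interface")
    elif lo not in owners[0].network or hi not in owners[0].network:
        # The server selects the scope by the subnet giaddr belongs to.
        problems.append(f"scope {lo}-{hi} is outside {owners[0].network}")
    if not ex_lo <= giaddr <= ex_hi:
        problems.append(f"{giaddr} is leasable and could be handed to a client")
    return problems

if __name__ == "__main__":
    print(check_giaddr(CONFIG, ("20.0.0.1", "20.0.0.254"), ("20.0.0.1", "20.0.0.10")))
```

Reachability of the giaddr from the DHCP server (in the post, via redistribute connected into RIP) is not checked here.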
