Posts Tagged ‘vpn’

Cisco ASA SSL Web VPN Configuration

ip local pool WebVPN_LocalPool SOME.IP.ADDR.SUBNET-SOME.IP.ADDR.SUBNET mask 255.255.255.0
access-list WebVPN_SplitTunnelList standard permit SOME.IP.ADDR.SUBNET 255.255.255.0
 
webvpn
 svc image disk0:/sslclient-win-1.1.4.179-anyconnect.pkg 1
 svc image disk0:/anyconnect-macosx-i386-2.3.2016-k9.pkg 2
 enable outside
 port-forward portforward 1022 SOME.IP.ADDR.STATIC ssh internal_ssh
 tunnel-group-list enable
 svc enable
 
sysopt connection permit-vpn
 
group-policy WebVPN_GroupPolicy internal
 
group-policy WebVPN_GroupPolicy attributes
 vpn-tunnel-protocol svc
 !Windows uses its own adapter
 !Mac will update resolv.conf
 !dns-server value DNS1 DNS2
 !default-domain value sub.domain.com
 address-pools value WebVPN_LocalPool
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value WebVPN_SplitTunnelList
 webvpn
  port-forward name portforward
  port-forward auto-start portforward
  svc keep-installer installed
  svc rekey time 30
  svc rekey method ssl
  svc ask none default svc
  !port-forward value portforward
  !port-forward-name value Secure Router Access
 
username webvpn attributes
 vpn-group-policy WebVPN_GroupPolicy
 
tunnel-group WebVPN_TunnelGroup type remote-access
tunnel-group WebVPN_TunnelGroup general-attributes
 default-group-policy WebVPN_GroupPolicy
tunnel-group WebVPN_TunnelGroup webvpn-attributes
 group-alias WebVPN_TunnelGroup enable
 
username webvpn password xxx nt-encrypted privilege 1
username webvpn attributes
 vpn-group-policy WebVPN_GroupPolicy
 service-type remote-access
Posted: March 28th, 2011
Categories: asa, cisco, vpn

Linux PPTP VPN Client Installation & Configuration

yum install pptp pptp-setup -y
pptpsetup --create PPTP_VPN --server PUB.IP.ADDR.HERE --username VPN_USER --encrypt
pppd call PPTP_VPN
Posted: March 25th, 2011
Categories: centos, networking, rhel, vpn

Cisco IOS PPTP VPN Configuration

vpdn enable
 
vpdn-group VPN_PPTP
 accept-dialin
  protocol pptp
  virtual-template 1
 
interface virtual-template1
 ip unnumbered FastEthernet0
 peer default ip address pool VPN_PPTP_DEFAULT_IP_POOL
 ppp encrypt mppe auto required
 ppp authentication ms-chap ms-chap-v2
 
ip local pool VPN_PPTP_DEFAULT_IP_POOL 192.168.1.10 192.168.1.12
 
aaa new-model
aaa authentication ppp default local
Posted: March 25th, 2011
Categories: cisco, networking, vpn

Cisco ASA & IOS Site to Site IPsec/VPN Tunnel Configuration

 
!!! ASA DEVICE:
access-list VPN_SITE_TO_SITE_IPSEC_TRAFFIC extended permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list ASA_NONAT extended permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
 
global (outside) 1 interface
nat (inside) 0 access-list ASA_NONAT
 
crypto ipsec transform-set VPN_SITE_TO_SITE_TRANS_SET esp-des esp-md5-hmac
crypto map VPN_SITE_TO_SITE_CRYPTO_MAP 12 match address VPN_SITE_TO_SITE_IPSEC_TRAFFIC
crypto map VPN_SITE_TO_SITE_CRYPTO_MAP 12 set peer PUB.IP.ADDR.HERE
crypto map VPN_SITE_TO_SITE_CRYPTO_MAP 12 set transform-set VPN_SITE_TO_SITE_TRANS_SET
crypto map VPN_SITE_TO_SITE_CRYPTO_MAP interface outside
crypto isakmp enable outside
 
! DES, MD5 and DH group 1 are legacy algorithms; the peer's policy must match whatever is set here
crypto isakmp policy 12
 authentication pre-share
 encryption des
 hash md5
 group 1
 lifetime 86400
 
tunnel-group PUB.IP.ADDR.HERE type ipsec-l2l
tunnel-group PUB.IP.ADDR.HERE ipsec-attributes
 pre-shared-key VPN_PRE_SHARED_KEY
 
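!!! IOS DEVICE:
! encryption and group are not set in this policy, so the IOS defaults apply;
! they must match the ASA policy above (des, group 1)
crypto isakmp policy 12
 hash md5
 authentication pre-share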
 
crypto isakmp key VPN_PRE_SHARED_KEY address PUB.IP.ADDR.HERE PUB.IP.SUBNET.HERE
crypto ipsec transform-set VPN_SITE_TO_SITE_TRANS_SET esp-des esp-md5-hmac
crypto dynamic-map VPN_SITE_TO_SITE_DYNAMIC_MAP 12
 set transform-set VPN_SITE_TO_SITE_TRANS_SET
crypto map VPN_SITE_TO_SITE_CRYPTO_MAP 12 ipsec-isakmp dynamic VPN_SITE_TO_SITE_DYNAMIC_MAP
 
int FastEthernet0/1
 crypto map VPN_SITE_TO_SITE_CRYPTO_MAP
 
int FastEthernet0/0
 ip nat inside
 
ip nat inside source list 190 interface FastEthernet0/1 overload
 
no access-list 190
access-list 190 deny ip 10.0.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 190 permit ip 10.0.0.0 0.0.0.255 any
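
An added example, not part of the original post: a Python check that reads the isakmp policy and transform-set lines of the site-to-site configuration above and reports DES, MD5 and Diffie-Hellman group 1, plus policy settings that are never set, as in the IOS policy. The function name audit, the rule tables and the sample strings are constructed for this illustration.

```python
# Values treated as weak for each IKE (isakmp) policy setting, and weak ESP transforms.
WEAK = {"encryption": {"des"}, "hash": {"md5"}, "group": {"1"}}
WEAK_TRANSFORMS = {"esp-des", "esp-md5-hmac"}

# Constructed samples: lines copied from the ASA and IOS configurations above.
ASA_SAMPLE = """\
crypto ipsec transform-set VPN_SITE_TO_SITE_TRANS_SET esp-des esp-md5-hmac
crypto isakmp policy 12
 authentication pre-share
 encryption des
 hash md5
 group 1
 lifetime 86400
"""
IOS_SAMPLE = """\
crypto isakmp policy 12
 hash md5
 authentication pre-share
crypto ipsec transform-set VPN_SITE_TO_SITE_TRANS_SET esp-des esp-md5-hmac
"""


def audit(config):
    """Return (line_no, message) findings for weak or unset IKE/IPsec settings."""
    findings, policy = [], None  # policy = (header line, policy id, settings seen)

    def close_policy():
        # A setting the policy never names falls back to the platform default.
        for key in WEAK if policy else ():
            if key not in policy[2]:
                findings.append((policy[0], f"isakmp policy {policy[1]}: {key} not set"))

    for no, raw in enumerate(config.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue  # blank line or comment
        if not raw[0].isspace():  # a top-level command ends any open policy block
            close_policy()
            policy = None
            if words[:3] == ["crypto", "isakmp", "policy"] and len(words) == 4:
                policy = (no, words[3], set())
            elif words[:3] == ["crypto", "ipsec", "transform-set"]:
                findings += [(no, f"transform-set {words[3]}: weak {t}")
                             for t in words[4:] if t in WEAK_TRANSFORMS]
        elif policy and words[0] in WEAK:
            policy[2].add(words[0])
            if words[1:] and words[1] in WEAK[words[0]]:
                findings.append((no, f"isakmp policy {policy[1]}: weak {words[0]} {words[1]}"))
    close_policy()
    return findings
```

Calling audit(ASA_SAMPLE) or audit(IOS_SAMPLE) returns the findings as (line number, message) pairs; a policy that sets all three values to something outside the WEAK table returns an empty list.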
Posted: March 25th, 2011
Categories: cisco, networking, vpn