VPN-Router#sh run 
Building configuration...


!
hostname VPN-Router

aaa new-model
!
aaa authentication login l2tp group radius
aaa authentication ppp l2tp group radius
aaa authorization network l2tp group radius 
aaa accounting network l2tp start-stop group radius
!
aaa session-id common
                
vpdn enable
vpdn tunnel accounting network l2tp
vpdn session accounting network l2tp
!         
vpdn-group l2tp
! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 no l2tp tunnel authentication
!!         
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2  
crypto isakmp key cisco address 0.0.0.0 0.0.0.0
!         
!         
crypto ipsec transform-set ms_ipsec esp-3des esp-sha-hmac 
 mode transport
!         
crypto dynamic-map DYNMAP 1
 set nat demux
 set transform-set ms_ipsec 
!                  
crypto map ipsec_isakmp_map 6000 ipsec-isakmp dynamic DYNMAP 
!         
         
interface Loopback0
 ip address 172.16.1.1 255.255.255.0
!         
interface FastEthernet0/0
 ip address 192.168.120.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex half
!         
interface FastEthernet1/0
 ip address *.*.*.* 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 duplex half
 crypto map ipsec_isakmp_map
!         
interface Virtual-Template1 
 ip unnumbered Loopback0
 ip nat inside
 ip virtual-reassembly
 peer default ip address pool POOL1
 vpdn authorization l2tp
 ppp authentication ms-chap-v2 l2tp
 ppp authorization l2tp
 ppp accounting l2tp
!         
ip local pool POOL1 172.16.1.2 172.16.1.200
ip route 0.0.0.0 0.0.0.0 1.1.1.1

ip nat inside source list 100 interface FastEthernet1/0 overload
!         
access-list 100 permit ip 192.168.106.0 0.0.0.255 any
access-list 100 permit ip 172.16.1.0 0.0.0.255 any
access-list 100 permit ip 192.168.120.0 0.0.0.255 any         
!         
radius-server host 192.168.106.14 auth-port 1645 acct-port 1646
radius-server key cisco123


VPN-Router#