Building configuration...

Current configuration : 8634 bytes
!
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 2621
!
boot-start-marker
boot-end-marker
!
!
memory-size iomem 15
clock timezone UTC 2
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
ip subnet-zero
ip cef
!
!
no ip domain lookup
ip dhcp excluded-address 192.168.250.1 192.168.250.200
ip dhcp ping timeout 2000
!
!
ip dhcp pool pool250
   network 192.168.250.0 255.255.255.0
   dns-server 8.8.8.8
   default-router 192.168.25.9
   lease 0 1
!
ip audit po max-events 100
!
!
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
!
crypto isakmp policy 2
 encr 3des
 hash md5
 authentication pre-share
 group 2
!
crypto isakmp policy 3
 encr aes 256
 authentication pre-share
 group 2
!
crypto isakmp policy 4
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco address 1.1.1.1 no-xauth
crypto isakmp keepalive 60 10
crypto isakmp xauth timeout 10
!
crypto isakmp client configuration group Admin
 key group
 dns 192.168.25.5 192.168.25.6
 pool pool_admin
 acl acl_admin
!
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES256-SHA esp-aes 256 esp-sha-hmac
crypto ipsec fragmentation after-encryption
!
crypto dynamic-map dynmap 10
 set transform-set ESP-3DES-SHA
!
!
crypto map ToMDI client authentication list userauthen
crypto map ToMDI isakmp authorization list groupauthor
crypto map ToMDI client configuration address respond
crypto map ToMDI 10 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set ESP-3DES-SHA
 set pfs group2
 match address vpn
crypto map ToMDI 65535 ipsec-isakmp dynamic dynmap
!
!
!
interface Tunnel0
 ip address 10.0.0.6 255.255.255.252
 tunnel source 2.2.2.2
 tunnel destination 1.1.1.1
!
interface FastEthernet0/0
 description ===WAN===
 ip address 2.2.2.2 255.255.255.248
 ip access-group From_Internet in
 ip nat outside
 duplex auto
 speed auto
 crypto map ToMDI
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1.25
 description ===LAN===
 encapsulation dot1Q 25
 ip address 192.168.25.9 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1.250
 description ===Wi-Fi===
 encapsulation dot1Q 250
 ip address 192.168.250.9 255.255.255.0
 ip access-group From_Wi-Fi in
 ip nat inside
!
ip local pool pool_admin 192.168.52.16
ip nat pool REAL 2.2.2.2 2.2.2.2 prefix-length 24
ip nat inside source list pptp_nat pool REAL overload
ip nat inside source list wifi_nat pool REAL overload
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 2.2.2.6
!
!
!
ip access-list extended From_Internet
 permit esp any any
 permit udp any any eq isakmp
 permit udp any any eq non500-isakmp
 permit gre any any
 permit tcp any any eq 1723
 permit icmp any any
 permit tcp any any established
 permit udp any any
ip access-list extended From_Wi-Fi
 deny   ip any 10.0.0.0 0.0.0.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit icmp any any echo
 permit icmp any any echo-reply
 deny   tcp any any eq smtp
 permit udp any host 8.8.8.8 eq domain
 deny   udp any any eq domain
 permit udp any any range bootps bootpc
 permit tcp any any
 permit udp any any eq ntp
ip access-list extended To_Internet
 deny   ip 192.168.25.0 0.0.0.255 10.0.0.0 0.255.255.255
 deny   ip 192.168.25.0 0.0.0.255 192.168.0.0 0.0.255.255
 permit ip 192.168.25.0 0.0.0.255 any
ip access-list extended acl_admin
 permit ip 192.168.25.0 0.0.0.255 host 192.168.52.16
 permit ip 10.253.10.0 0.0.0.255 host 192.168.52.16
ip access-list extended vpn
 permit ip 192.168.25.0 0.0.0.255 10.253.10.0 0.0.0.255
 permit ip 192.168.52.0 0.0.0.255 10.253.10.0 0.0.0.255
!
!
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 30 0
 logging synchronous
 transport input ssh
line vty 5 15
!
ntp clock-period 17208420
ntp server 192.168.25.5
!
end