version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname sohotest
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
ip subnet-zero
!
!
ip cef
ip domain name ufa.domain.ru
ip ssh version 2
!
!
!
!
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 lifetime 28800
crypto isakmp key 1234567890 address 195.234.190.91
no crypto isakmp ccm
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto map myset 10 ipsec-isakmp
 set peer xxx.xxx.xxx.xxx
 set security-association lifetime seconds 28800
 set transform-set myset
 set pfs group1
 match address vpn
!
!
!
interface Loopback0
 ip address 10.0.1.1 255.255.255.252
 ip nat outside
!
interface Ethernet0
 no ip address
 shutdown
 hold-queue 100 out
!
interface Ethernet1
 ip address 10.25.100.1 255.255.255.0 secondary
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 ip policy route-map nat-loop
 duplex auto
 crypto map myset
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 10.25.100.2 255.255.255.255 10.0.1.2
ip http server
no ip http secure-server
!
ip nat inside source static 172.16.100.2 10.25.100.2
ip nat outside source static 10.6.6.4 172.16.100.1
!
!
ip access-list extended vpn
 permit ip 10.25.100.0 0.0.0.255 any
no logging trap
logging source-interface Ethernet0
access-list 102 permit ip 172.16.100.0 0.0.0.255 any
access-list 103 permit ip host 172.16.100.2 host 172.16.100.1
access-list 110 permit icmp any host 10.6.6.4
access-list 177 permit icmp any any
route-map nat-loop permit 20
 match ip address 103
 set ip next-hop 192.168.1.1
route-map nat-loop permit 30
 match ip address 102
 set ip next-hop 10.0.1.2
!
!
control-plane
!
!
line con 0
 no modem enable
 stopbits 1
line aux 0
 no exec
 stopbits 1
line vty 0 4
 login local
 rotary 1
 transport input ssh
!
scheduler max-task-time 5000
end