service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!

!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key 0123456789 address x.x.x.x(public IP)
!
crypto ipsec security-association lifetime seconds 28800
!
crypto ipsec transform-set TUNNEL esp-3des esp-md5-hmac
!
crypto map TUNNEL 10 ipsec-isakmp
 set peer x.x.x.x (Public IP)
 set transform-set TUNNEL
 match address for_vpn
!
!
!
!
interface FastEthernet0
 description OUTSIDE
 ip address c.c.c.c 255.255.255.240
 ip nat outside
 no ip virtual-reassembly
 duplex auto
 speed auto
 crypto map TUNNELHP
!
interface FastEthernet1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet2
 no keepalive
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
 description INSIDE
 ip address 172.20.63.254 255.255.240.0
 ip nat inside
 no ip virtual-reassembly
!
interface Async1
 no ip address
 encapsulation slip
!
ip route 0.0.0.0 0.0.0.0 b.b.b.b
!
!
ip http server
no ip http secure-server
ip nat pool NATPOOL d.d.d.d(public IP) d.d.d.d (public IP) netmask 255.255.255.252
ip nat inside source list NAT pool NATPOOL overload
!
ip access-list extended NAT
 permit ip any 10.10.0.0 0.0.255.255
ip access-list extended for_vpn
 permit ip host d.d.d.d 10.10.0.0 0.0.255.255 (remote subnet)
!