crypto isakmp policy 1 encr 3des hash md5 authentication pre-share group 2 lifetime 28800 crypto isakmp key key1 address ISAWAN.12 crypto isakmp key key2 address OfficWAN.183 ! ! crypto ipsec transform-set to_vpn esp-3des esp-md5-hmac ! crypto ipsec profile VPN-ISA set transform-set to_vpn ! ! crypto map to_vpn 4 ipsec-isakmp set peer OfficeWAN.183 set transform-set to_vpn match address VPN-office ! ! interface Tunnel0 no ip address tunnel source FastEthernet4 tunnel destination ISAWAN.12 tunnel mode ipsec ipv4 tunnel protection ipsec profile VPN-ISA interface FastEthernet4 description Internet ip address dhcp ip accounting output-packets ip nat outside ip virtual-reassembly ip route-cache flow duplex auto speed auto crypto map to_vpn interface Vlan1 description LAN ip address 172.18.244.1 255.255.255.0 ip accounting output-packets ip nat inside ip virtual-reassembly ip route-cache flow ip route 10.11.0.0 255.255.0.0 Tunnel0 ip nat inside source route-map NAT interface FastEthernet4 overload ip access-list extended NAT deny ip 172.18.244.0 0.0.0.255 172.18.204.0 0.0.0.255 permit ip 172.18.244.0 0.0.0.255 any ip access-list extended VPN-office permit ip 172.18.244.0 0.0.0.255 172.18.204.0 0.0.0.255 route-map NAT permit 10 match ip address NAT