aaa new-model
!
!
aaa authentication login userauth local
aaa authentication login line line enable
aaa authorization network groupauthor local 
aaa session-id common

crypto isakmp policy 2
 encr aes 256
 authentication pre-share
 group 2
!
crypto isakmp policy 3
 hash md5
 authentication pre-share
 group 2
crypto isakmp key ************** address 1.2.3.4 no-xauth
no crypto isakmp ccm
!
crypto isakmp client configuration group MYCOMPANYvpn
 key ***********
 domain mycompany.com
 pool MYCOMPANYpool
 acl 105
!
!
crypto ipsec transform-set MYCOMPANYset esp-3des esp-md5-hmac 
crypto ipsec transform-set TUNNELSET esp-aes 256 esp-sha-hmac 
!
crypto dynamic-map MYCOMPANY-dynamic-map 10
 set transform-set MYCOMPANYset 
!
!
crypto map MYCOMPANYmap client authentication list userauth
crypto map MYCOMPANYmap isakmp authorization list groupauthor
crypto map MYCOMPANYmap client configuration address respond
crypto map MYCOMPANYmap 10 ipsec-isakmp dynamic MYCOMPANY-dynamic-map 
crypto map MYCOMPANYmap 20 ipsec-isakmp 
 set peer 1.2.3.4
 set transform-set TUNNELSET 
 match address 107

interface Serial0/0
 ip address 5.6.7.8 255.255.255.252
 crypto map MYCOMPANYmap

ip local pool MYCOMPANYpool 172.17.0.1 172.17.0.100


access-list 105 permit ip 10.11.12.0 0.0.0.255 172.17.0.0 0.0.0.255
access-list 107 permit ip 10.11.12.0 0.0.0.255 10.0.46.0 0.0.0.255


route-map nonat permit 102
 match ip address 102


access-list 102 deny   ip 10.11.12.0 0.0.0.255 10.0.46.0 0.0.0.255
access-list 102 permit ip 10.11.12.0 0.0.0.255 any