!This is the running config of the router: 192.168.2.1 !---------------------------------------------------------------------------- !version 12.3 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! no logging buffered enable secret 5 xxxx ! username admin privilege 15 secret 5 xxxx no aaa new-model ip subnet-zero ! ! ip name-server 131.170.1.1 ip audit notify log ip audit po max-events 100 ip ssh break-string no ftp-server write-enable no scripting tcl init no scripting tcl encdir ! ! ! ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 ! crypto isakmp policy 2 encr 3des hash md5 authentication pre-share group 2 crypto isakmp key xxxx address xxx.xxx.xxx.xxx ! ! crypto ipsec transform-set gtoffice esp-3des esp-md5-hmac ! crypto map SDM_CMAP_1 1 ipsec-isakmp description Tunnel to xxx.xxx.xxx.xxx set peer xxx.xxx.xxx.xxx set transform-set gtoffice match address 100 ! ! ! ! interface Ethernet0 description $ETH-LAN$ ip address 192.168.2.1 255.255.255.0 ip nat inside ip tcp adjust-mss 1412 hold-queue 100 out ! interface ATM0 no ip address no atm ilmi-keepalive dsl operating-mode auto ! interface ATM0.1 point-to-point pvc 8/35 oam-pvc manage pppoe-client dial-pool-number 1 ! ! interface FastEthernet1 no ip address duplex auto speed auto ! interface FastEthernet2 no ip address duplex auto speed auto ! interface FastEthernet3 no ip address duplex auto speed auto ! interface FastEthernet4 no ip address duplex auto speed auto ! interface Dialer0 ip address negotiated ip mtu 1452 ip nat outside encapsulation ppp dialer pool 1 dialer-group 1 ppp authentication chap pap callin ppp chap hostname xxxx ppp chap password 0 xxxx ppp pap sent-username xxxx password 0 xxxx crypto map SDM_CMAP_1 ! ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload ip nat inside source static tcp 192.168.2.23 25 xxx.xxx.xxx.xxx 25 extendable ip nat inside source static tcp 192.168.2.23 53 xxx.xxx.xxx.xxx 53 extendable ip nat inside source static udp 192.168.2.23 53 xxx.xxx.xxx.xxx 53 extendable ip nat inside source static tcp 192.168.2.23 80 xxx.xxx.xxx.xxx 80 extendable ip nat inside source static tcp 192.168.2.23 443 xxx.xxx.xxx.xxx 443 extendable ip nat inside source static tcp 192.168.2.23 1723 xxx.xxx.xxx.xxx 1723 extendable ip nat inside source static tcp 192.168.2.24 3389 xxx.xxx.xxx.xxx 3389 extendable ip classless ip route 0.0.0.0 0.0.0.0 Dialer0 ip http server no ip http secure-server ! ! access-list 1 remark INSIDE_IF=Ethernet0 access-list 1 remark SDM_ACL Category=2 access-list 1 permit 192.168.2.0 0.0.0.255 access-list 100 remark SDM_ACL Category=4 access-list 100 remark IPSec Rule access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 access-list 101 remark SDM_ACL Category=2 access-list 101 remark IPSec Rule access-list 101 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 access-list 101 permit ip 192.168.2.0 0.0.0.255 any dialer-list 1 protocol ip permit route-map SDM_RMAP_1 permit 1 match ip address 101 ! ! control-plane ! ! line con 0 no modem enable transport preferred all transport output all line aux 0 transport preferred all transport output all line vty 0 4 privilege level 15 login local transport preferred all transport input telnet ssh transport output all ! scheduler max-task-time 5000 ! end