! Running configuration of router COB_WAN (IOS 12.4), pasted from `sh run`.
! This part covers global services, AAA, the CBAC inspection rule, DNS and
! the self-signed PKI trustpoint.
sh run
Building configuration...
Current configuration : 6067 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): with password encryption disabled, any type-0 passwords and
! pre-shared keys are shown in clear text in `show run` output and backups.
! `service password-encryption` only adds reversible type-7 obfuscation;
! prefer `secret`-style hashed credentials where the command offers them.
no service password-encryption
!
hostname COB_WAN
!
boot-start-marker
boot-end-marker
!
! Local log buffer of 51200 bytes at severity "warnings" and above. No remote
! syslog host is configured in the lines shown.
logging buffered 51200 warnings
!
aaa new-model
!
!
! Login, exec authorization and VPN group (network) authorization all use
! the router's local database. No `username` lines appear in this listing;
! presumably removed before posting - confirm.
aaa authentication login default local
aaa authentication login USER_VPN local
aaa authorization exec default local
aaa authorization network GROUP_VPN local
!
aaa session-id common
!
resource policy
!
ip subnet-zero
!
!
ip cef
! CBAC inspection rule DEFAULT100.
! NOTE(review): no `ip inspect DEFAULT100 in|out` appears under either
! interface in this listing, so as shown the rule is defined but not applied.
! The generic tcp/udp entries already cover most of the per-protocol entries.
ip inspect name DEFAULT100 http
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
! NOTE(review): the next line starts with "p", not "ip". This looks like a
! character lost in the paste. IOS would reject the line if it were pasted
! back as written.
p inspect name DEFAULT100 vdolive
!
!
! Domain name and name servers were partly redacted by the poster.
ip domain name xxx.com
ip name-server xx.29.161.129
ip name-server xx.29.161.137
!
!
!
! Self-signed trustpoint with revocation checking disabled. Presumably
! auto-generated for the HTTPS server enabled further down - confirm.
crypto pki trustpoint TP-self-signed-3543112455
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3543112455
 revocation-check none
 rsakeypair TP-self-signed-3543112455
!
!
! Self-signed certificate for the trustpoint, followed by the IKE/IPsec
! settings for remote-access VPN and the WAN interface.
! NOTE(review): the certificate body is DER in hex and was not redacted. It
! carries a subjectAltName with the router's FQDN, so the "xxx.com"
! redaction of `ip domain name` does not actually hide the domain. Strip
! certificate chains before sharing a configuration.
! The DER also indicates an md5WithRSAEncryption signature, a 1024-bit RSA
! key and a validity window of 2007-09-19 to 2020-01-01. Regenerate with a
! larger key if this certificate is still served.
crypto pki certificate chain TP-self-signed-3543112455
 certificate self-signed 01
  30820252 308201BB A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33353433 31313234 3535301E 170D3037 30393139 31343034
  35335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 35343331
  31323435 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100F3FB DEA20F02 062D5C07 AC640BBE 6142ACDD A555416C 13AD2749 E3A8F4A3
  4B0E38D0 CBDB072D F2A9F84D A3479615 222A601C 86209C3A 3FE60049 7407846D
  F8A3A3C2 C1ECA63A F3BDF916 4C8E0905 FA6C3A49 551F3037 A24AD67B 77C31046
  71110E1E B4AB56CB 1DF58EAC 20ACC7B4 87F7B7C2 AFE6C076 F2147927 595BA4F5
  125D0203 010001A3 7A307830 0F060355 1D130101 FF040530 030101FF 30250603
  551D1104 1E301C82 1A434F42 5F57414E 2E636974 796F6662 656C6C65 7675652E
  636F6D30 1F060355 1D230418 30168014 68D0ED19 028844A7 0A4D3C60 62464B9E
  FA7B3F41 301D0603 551D0E04 16041468 D0ED1902 8844A70A 4D3C6062 464B9EFA
  7B3F4130 0D06092A 864886F7 0D010104 05000381 8100C7A5 D1C118F7 2DE9893F
  8C71D7BF 4FC590C3 F7274EFE C4499249 CE879607 0F6799FE D9B4D90D 59F45457
  79CC87E5 25DDAC8A DCF78F86 84BF82FB AD9D2CE0 CC989EF4 6F864D67 2650036C
  A4345E77 B0FF4837 E568776C FFAB92C6 F3D9EB67 0935235F 77E13565 7670DF87
  81AB4CE2 AF22D304 174E400A 3298C0B1 8D48819F 567F
  quit
!
!
!
! IKE phase 1 policy: 3DES, MD5, pre-shared key, DH group 2 (1024-bit MODP).
! NOTE(review): all three primitives are legacy strength. Where the image and
! the VPN clients allow it, move to AES, a SHA-family hash and a larger DH
! group. Pre-shared group keys are shared by every client in the group.
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp keepalive 15
!
!
! NOTE(review): the client group below is empty as shown, with no key, pool,
! dns or acl sub-commands. Either they were removed before posting or the
! group is unfinished. VPN_POOL and access-list 120 are defined elsewhere in
! this listing but nothing here references them.
crypto isakmp client configuration group GROUP_VPN
!
!
! ESP with 3DES encryption and SHA-1 HMAC integrity.
crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
!
! Dynamic map template for VPN clients. reverse-route installs a route for
! each connected peer.
! NOTE(review): no `crypto map` that references VPN_Clients, and no crypto
! map on an interface, appears in this listing - confirm whether those lines
! were omitted.
crypto dynamic-map VPN_Clients 100
 set transform-set 3DES
 reverse-route
!
!
!
! Internet-facing interface (NAT outside). The public address is unredacted.
! NOTE(review): `ip access-group DEFAULT100 in` refers to an access list
! named DEFAULT100, but this listing defines only an *inspect rule* by that
! name and no ACL. IOS generally treats an access-group that points at an
! undefined ACL as permit-any, so inbound filtering on the WAN side may be
! absent. Verify with `show ip access-lists` and `show ip interface`.
interface GigabitEthernet0/0
 description WAN
 ip address 70.62.43.147 255.255.255.248
 ip access-group DEFAULT100 in
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
! LAN interface, VPN address pool, routing, the HTTP(S) management server,
! numbered ACLs and the route-maps that reference them.
interface GigabitEthernet0/1
 description LAN
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
! Address pool presumably intended for VPN clients. Nothing in this listing
! references it.
ip local pool VPN_POOL 10.100.100.1 10.100.100.254
ip classless
! NOTE(review): only 70.0.0.0/8 is routed, and no default route appears in
! this listing. The next hop 70.62.43.144 is the network address of the WAN
! /29 (70.62.43.144-.151), not a usable host address - confirm the gateway.
ip route 70.0.0.0 255.0.0.0 70.62.43.144
!
! Web management: clear-text HTTP on port 8080 plus HTTPS, local accounts.
! NOTE(review): `ip http access-class 20` refers to access-list 20, which is
! not defined in this listing. An undefined ACL generally does not restrict
! anything on IOS, so the management server may be reachable from any source,
! including the WAN side. Define ACL 20 for the management hosts. Consider
! `no ip http server` so credentials only travel over HTTPS.
! The timeout-policy allows a connection lifetime of 86400 seconds.
ip http server
ip http port 8080
ip http access-class 20
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
! ACL 100: matched by route-map NAT_OUT. It covers 10.1.0.0/16 and ICMP from
! any source to any destination.
access-list 100 permit ip 10.1.0.0 0.0.255.255 any
access-list 100 permit icmp any any
! ACL 101 holds only a remark and no entries. ACL 103 is not referenced
! anywhere in this listing.
access-list 101 remark Allow VPN Client
access-list 103 permit icmp any any
! ACL 120: VPN pool <-> LAN in both directions. It is not referenced in this
! listing. Presumably meant for split tunnelling or NAT exemption - confirm.
access-list 120 permit ip 10.100.100.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 120 permit ip 10.1.1.0 0.0.0.255 10.100.100.0 0.0.0.255
! ACL 150: four LAN hosts, matched by route-map SRV_OUT. The trailing deny
! has no effect beyond the implicit deny at the end of every ACL.
access-list 150 permit ip host 10.1.1.10 any
access-list 150 permit ip host 10.1.1.9 any
access-list 150 permit ip host 10.1.1.3 any
access-list 150 permit ip host 10.1.1.5 any
access-list 150 deny ip 192.168.0.0 0.0.255.255 any
! NOTE(review): no `ip nat inside source ...` statement referencing either
! route-map appears in this listing, so as shown no translation rule uses
! them - confirm whether those lines were omitted.
route-map SRV_OUT permit 10
 match ip address 150
!
route-map NAT_OUT permit 10
 match ip address 100
!
!
!
! The listing stops here, without the `line con` / `line vty` sections or
! `end`. Console and remote-access (telnet/SSH) restrictions therefore cannot
! be reviewed from this paste.
control-plane
!