Current configuration : 3873 bytes
!
! Last configuration change at 10:09:20 UTC Thu Jun 23 2016
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname VNS-WAN-R1
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$NuEy$zMH4AeuVlVUnRq6.i9FX0/
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login RemoteVPN local
aaa authentication login vpn_xauth local
!
!
!
!
!
aaa session-id common
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
!
license udi pid CISCO1921/K9 sn FGL2012241L
!
!
username dongnd secret 5 $1$/ufy$wNBZhF/60Hstamley1YKZ0
username NMV secret 5 $1$fN0p$Edwj7w8RvnShrSmXDGrZr1
!
redundancy
!
!
crypto ikev2 policy 10
! Policy Incomplete(MUST have atleast one complete proposal attached)
!
!
!
track 1 ip sla 1 reachability
!
!
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group VNS-VPNClient
 key qazwsx@!
 dns 10.203.32.112
 pool VPN-Pool
 acl 120
crypto isakmp profile Stanley-VPN
 match identity group VNS-VPNClient
 client authentication list vpn_xauth
 client configuration address respond
 virtual-template 2
!
!
crypto ipsec transform-set VNS esp-3des esp-sha-hmac
 mode tunnel
!
crypto ipsec profile Stanley-VPN
 set transform-set VNS
!
!
!
crypto map VNS-VPN 10 ipsec-isakmp profile Stanley-VPN
!
!
!
!
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.0
!
interface Tunnel1
 ip unnumbered Loopback0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile Stanley-VPN
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description ***Connect to VNPT FTTH***
 backup interface GigabitEthernet0/1
 ip address 113.160.64.230 255.255.255.248
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 crypto map VNS-VPN
!
interface GigabitEthernet0/1
 description ***Backup for INT Giga0/0***
 no ip address
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/0/0
 no ip address
!
interface GigabitEthernet0/0/1
 no ip address
!
interface GigabitEthernet0/0/2
 no ip address
!
interface GigabitEthernet0/0/3
 no ip address
!
interface Vlan1
 description ***Connect to FireWall***
 ip address 172.16.0.1 255.255.0.0
 ip access-group 100 in
 ip nat inside
 ip virtual-reassembly in
!
ip local pool VPN-Pool 10.0.0.5 10.0.0.25
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 113.160.64.229 track 1
ip route 0.0.0.0 0.0.0.0 172.16.0.2 10
ip route 10.203.0.0 255.255.0.0 172.16.0.251
ip route 10.203.0.0 255.255.0.0 172.16.0.252 10
ip route 192.168.2.0 255.255.255.0 172.16.0.251
ip route 192.168.2.0 255.255.255.0 172.16.0.252 10
!
ip sla 1
 icmp-echo 113.160.64.229 source-ip 113.160.64.230
 frequency 30
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 8.8.8.8 source-ip 113.160.64.230
 frequency 15
ip sla schedule 2 life forever
ip sla logging traps
ip sla enable reaction-alerts
!
!
access-list 100 deny ip 10.203.0.0 0.0.255.255 10.0.0.0 0.0.0.255
access-list 100 deny ip 192.168.2.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 100 permit ip 10.203.0.0 0.0.255.255 any
access-list 100 permit ip 172.16.0.0 0.0.255.255 any
access-list 120 permit ip 10.203.0.0 0.0.255.255 10.0.0.0 0.0.0.255
access-list 120 permit ip 192.168.2.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 120 permit ip 172.16.0.0 0.0.255.255 10.0.0.0 0.0.0.255
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password Netmarks@1234
 transport input none
!
scheduler allocate 20000 1000
!
end