Show running-config (Some information removed): version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Washtest ! boot-start-marker boot-end-marker ! logging buffered 51200 warnings ! no aaa new-model ! resource policy ! mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 ip subnet-zero ip cef ! ! ! controller T1 0/0/0 framing esf linecode b8zs channel-group 0 timeslots 1-24 ! controller T1 0/0/1 framing esf linecode b8zs channel-group 0 timeslots 1-24 ! ! crypto isakmp policy 1 encr 3des hash md5 authentication pre-share group 2 lifetime 28800 ! crypto isakmp key vpnkey address destination_public_ip ! ! crypto ipsec transform-set to_vpn esp-3des esp-md5-hmac crypto ipsec df-bit set ! crypto map to_vpn 30 ipsec-isakmp set peer 210.7.66.162 set security-association lifetime seconds 28800 set transform-set to_vpn set pfs group2 match address 122 ! ! ! ! interface MFR1.500 point-to-point ip address x.x.x.x x.x.x.x no ip redirects no ip proxy-arp ip nat outside ip virtual-reassembly max-reassemblies 64 no cdp enable no arp frame-relay frame-relay interface-dlci 500 IETF crypto map to_vpn ! interface FastEthernet0/0 no ip address ip route-cache flow duplex auto speed auto no mop enabled ! interface FastEthernet0/0.5 encapsulation dot1Q 5 ip address 192.168.0.1 255.255.255.0 ip nat inside ip virtual-reassembly no snmp trap link-status ! ! interface FastEthernet0/1 no ip address ip virtual-reassembly ip route-cache flow duplex auto speed auto ! interface FastEthernet0/1.32 description Test North HE encapsulation dot1Q 32 ip address 10.0.100.1 255.255.255.128 no snmp trap link-status ! interface FastEthernet0/1.33 description Test South HE encapsulation dot1Q 33 ip address 10.0.100.129 255.255.255.128 no snmp trap link-status ! interface Serial0/0/0:0 description Circuit ID mtu 4470 bandwidth 1536 no ip address no ip redirects no ip proxy-arp encapsulation frame-relay MFR1 no arp frame-relay ! interface Serial0/0/1:0 description Circuit ID mtu 4470 bandwidth 1536 no ip address no ip redirects no ip proxy-arp encapsulation frame-relay MFR1 no arp frame-relay ! interface Serial0/1/0 description circuit ID mtu 4470 ip address x.x.x.x 255.255.255.252 no ip redirects no ip proxy-arp ip virtual-reassembly encapsulation ppp ip route-cache flow service-module t1 remote-alarm-enable ! ip classless no ip forward-protocol udp tftp no ip forward-protocol udp domain no ip forward-protocol udp time no ip forward-protocol udp netbios-ns no ip forward-protocol udp netbios-dgm no ip forward-protocol udp tacacs ip route 0.0.0.0 0.0.0.0 MFR1.500 ! ip nat inside source route-map SDM_RMAP_1 interface MFR1.500 overload ip nat inside source static tcp 192.168.0.2 8080 x.x.x.x 8080 extendable ! access-list 100 remark SDM_ACL Category=2 access-list 100 deny ip 10.0.100.0 0.0.0.127 172.16.3.0 0.0.0.255 access-list 100 permit ip 192.168.0.0 0.0.0.255 any access-list 122 remark --- Traffic to encrypt access-list 122 permit ip 10.0.100.0 0.0.0.127 172.16.3.0 0.0.0.255 ! route-map SDM_RMAP_1 permit 1 match ip address 100 ! ! ! end