no aaa new-model ip subnet-zero ip cef ! ! ! ip ips po max-events 100 vpdn enable ! vpdn-group 1 request-dialin protocol pppoe ! ! crypto isakmp policy 3 encr 3des hash md5 authentication pre-share group 2 lifetime 28800 crypto isakmp key nocalcart!@# address datacenterIP crypto isakmp invalid-spi-recovery crypto isakmp keepalive 10 ! ! crypto ipsec transform-set to_vpn esp-3des esp-md5-hmac ! crypto map to_vpn 8 ipsec-isakmp set peer datacenterIP set transform-set to_vpn match address VPNCarteret ! ! ! ! interface FastEthernet0/0 description NoCal Internal LAN ip address LAN 255.255.255.0 ip nat inside ip virtual-reassembly load-interval 30 duplex auto speed auto ! interface Serial0/0/0 description NoCal T1 Internet ip address WAN 255.255.255.252 ip nat outside ip virtual-reassembly no fair-queue crypto map to_vpn ! interface ATM0/1/0 no ip address no atm ilmi-keepalive dsl operating-mode auto pvc 0/35 pppoe-client dial-pool-number 1 ! ! interface Dialer1 ip address negotiated ip mtu 1492 ip nat outside ip virtual-reassembly encapsulation ppp dialer pool 1 dialer-group 1 no cdp enable ppp authentication chap callin ppp chap hostname blahblah@blah.net ppp chap password 7 0505031735494258 ppp pap sent-username blahblah@blah.net password 7 000A161E105E0757 ! ip classless ip route 0.0.0.0 0.0.0.0 Dialer1 ip route 0.0.0.0 0.0.0.0 serial0/0/0 5 ip route datacenterIP 255.255.255.0 serial0/0/0 ip route datacenterIP 255.255.255.0 Dialer1 5 ! ip nat pool NoCal PUBLICLANBLOCK netmask 255.255.255.248 ip nat inside source route-map MAP-Internet interface Dialer1 overload ip nat inside source route-map MAP-Kodiak interface Serial0/0/0 overload ! ip access-list extended NAT-Internet deny ip LAN 0.0.0.255 datacenterLAN 0.0.0.255 deny ip LAN 0.0.0.255 datacenterLAN3 0.0.0.255 deny ip LAN 0.0.0.255 datacenterLAN2 0.0.255.255 permit ip LAN 0.0.0.255 any ip access-list extended NAT-Kodiak deny ip LAN 0.0.0.255 datacenterLAN 0.0.0.255 deny ip LAN 0.0.0.255 datacenterLAN3 0.0.0.255 deny ip LAN 0.0.0.255 datacenterLAN2 0.0.255.255 permit ip LAN 0.0.0.255 datacenterIP 0.0.0.255 ip access-list extended VPNCarteret permit ip LAN 0.0.0.255 datacenterLAN2 0.0.255.255 permit ip LAN 0.0.0.255 datacenterLAN3 0.0.0.255 permit ip LAN 0.0.0.255 datacenterLAN 0.0.0.255 ! logging history debugging dialer-list 1 protocol ip permit ! route-map MAP-Internet permit 10 match ip address NAT-Internet match interface Dialer1 ! route-map MAP-Kodiak permit 10 match ip address NAT-Kodiak match interface Serial0/0/0 !