crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 3600
crypto isakmp key TheSecretKey address 222.222.222.222 no-xauth
!
!
crypto ipsec transform-set toHead esp-3des esp-sha-hmac
!
crypto map head 10 ipsec-isakmp
description HeadOffice
set peer 222.222.222.222
set transform-set toHead
set pfs group2
match address crypt_head
!

!
interface FastEthernet0/1
description Internet network
ip address 111.111.111.111 255.255.255.192
ip access-group inet_in in
ip access-group inet_out out
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1344
speed 10
full-duplex
crypto map head
!

ip access-list extended crypt_head
permit tcp 192.168.0.0 0.0.0.255 host 133.133.133.133 log
permit tcp 192.168.32.0 0.0.0.255 host 133.133.133.133 log
permit tcp 192.168.0.0 0.0.0.255 host 192.168.202.5 log
permit icmp 192.168.0.0 0.0.0.255 host 192.168.202.5 log
permit udp 192.168.0.0 0.0.0.255 host 192.168.202.5 log
permit icmp 192.168.0.0 0.0.0.255 host 192.168.202.29 log
permit tcp 192.168.0.0 0.0.0.255 host 192.168.202.29 eq www 443 log
permit tcp 192.168.0.0 0.0.0.255 host 192.168.202.28 eq www 443 log
permit tcp 192.168.0.0 0.0.0.255 host 192.168.202.61 eq www 443 211 log
permit tcp 192.168.0.0 0.0.0.255 host 192.168.202.6 eq 24554 log
permit icmp 192.168.0.0 0.0.0.255 host 192.168.202.18 log
permit tcp 192.168.0.0 0.0.0.255 host 192.168.202.18 range ftp-data ftp log
permit tcp 192.168.0.0 0.0.0.255 host 192.168.202.18 range 4400 4500 log
permit icmp host 192.168.0.44 host 192.168.201.189 log
permit tcp host 192.168.0.44 host 192.168.201.189 eq www log
permit icmp 192.168.0.0 0.0.0.255 host 192.168.202.1 log
permit tcp 192.168.0.0 0.0.0.255 host 192.168.202.1 eq 3050 log
permit tcp host 192.168.32.35 host 134.134.134.134 eq 5058 log
permit tcp host 192.168.32.93 host 134.134.134.134 eq 5058 log
permit tcp host 192.168.29.9 host 134.134.134.134 eq 5058 log
permit tcp host 192.168.31.11 host 134.134.134.134 eq 5058 log
permit icmp 192.168.0.0 0.0.0.255 host 192.168.202.253 log
permit tcp 192.168.0.0 0.0.0.255 host 192.168.202.253 eq 3050 log
permit tcp host 192.168.0.2 host 192.168.202.5 eq 1433 log
permit tcp host 192.168.0.2 host 192.168.202.207 eq 1433 log
deny ip any any log