Building configuration... Current configuration : 4489 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname ########## ! boot-start-marker boot-end-marker ! enable secret 5 $1$lB1G$nG70NU8BjMYEKtVFna2GJ/ enable password @@@@@@ ! no aaa new-model ! resource policy ! mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 ip subnet-zero ip cef ! ! ! ! ip name-server 1.1.1.1 ip name-server 2.2.2.2 ! ! ! crypto pki trustpoint TP-self-signed-1549124131 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1549124131 revocation-check none rsakeypair TP-self-signed-1549124131 ! ! crypto pki certificate chain TP-self-signed-1549124131 certificate self-signed 01 30820245 308201AE A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 31353439 31323431 3331301E 170D3037 30383138 30373538 33355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 35343931 32343133 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100A21C 02D8DC00 42FDB20C 9B52B4E7 EE33E80B 943D8341 E53775D8 092E2A29 BD2FA3B6 9F8F5F63 7814DD96 0D57FF22 B54238B2 5ECFCD21 5665BAD8 EC0B17BF E8848F28 D316DD2A A0398F15 BEEF239E 0C051D7E 07CAD18A 5B6B0BA6 07C76749 4BDFC08F 675289AB 91AAB9CE 9A87EB88 31F0A2A0 1BE4F824 533F7EA1 C57C36F1 BBD10203 010001A3 6D306B30 0F060355 1D130101 FF040530 030101FF 30180603 551D1104 11300F82 0D41554D 2D57414E 2D525430 312E301F 0603551D 23041830 168014E9 81CAB4C3 EE93D63D 70CF74DF 52988A6D 421D0C30 1D060355 1D0E0416 0414E981 CAB4C3EE 93D63D70 CF74DF52 988A6D42 1D0C300D 06092A86 4886F70D 01010405 00038181 00488B41 90E91A23 12798C2C E2BB1607 E370590F FF55D16A 626AEC6E D7901C93 4980A8A5 D0F10940 BC46AD9C DE859B1A 33573CFF 669809BB 86D36219 20C60979 07642A66 AAF0A12A 64CD2C41 BAFE099C 33B19868 43FA22CF B288F366 AFF5CDF8 D76DD85B A12CAE2C 905ED2F8 9723B5FE DD80D9C0 5FF21FDB 785DEB0F DF3AB6EE 93 quit ! ! ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 crypto isakmp key @@@@@@@ address 1.2.3.4 ! ! crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac crypto ipsec transform-set AES-SHA esp-aes esp-sha-hmac crypto ipsec transform-set 3DES-SHA-compression esp-3des esp-sha-hmac comp-lzs crypto ipsec transform-set AES-SHA-compression esp-aes esp-sha-hmac comp-lzs crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac ! crypto map VPN-Map-1 11 ipsec-isakmp set peer 1.1.1.1 set transform-set ESP-3DES-SHA2 set pfs group2 match address Crypto-list ! ! ! interface Tunnel0 description tunnel to aipdc ip address 192.168.200.6 255.255.255.252 tunnel source 1.1.1.1. tunnel destination 2.2.2.2. ! interface Loopback10 ip address 10.60.70.1 255.255.255.255 ! interface FastEthernet0/0 description AUM LAN lINK ip address 192.168.100.1 255.255.255.0 ip nat inside ip virtual-reassembly ip policy route-map POLICY speed 100 full-duplex ! interface FastEthernet0/1 description WAN Link to IPNX ip address 3.3.3.3 255.255.255.192 ip nat outside ip virtual-reassembly duplex auto speed auto no cdp enable crypto map VPN-Map-1 ! ip classless ip route 0.0.0.0 0.0.0.0 62.173.36.1 ip route 192.168.0.0 255.255.255.0 Tunnel0 ! ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/1 overload ip dns server ip dns spoofing ! ip access-list extended Crypto-list permit ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.0.255 ip access-list extended Internet-inbound-ACL permit udp host 2.2.2.2 any eq isakmp permit esp host 3.3.3.3 any ! access-list 100 permit gre host 1.1.1.1 host 3.3.3.3 access-list 101 deny ip 192.168.100.0 0.0.0.255 192.168.0.0 0.0.0.255 access-list 101 deny ip 192.168.100.0 0.0.0.255 192.168.200.0 0.0.0.255 access-list 101 deny gre host 1.1.1.1 host 3.3.3.3 access-list 101 permit ip 192.168.100.0 0.0.0.255 any access-list 180 permit ip any 192.168.0.0 0.0.0.255 route-map POLICY permit 10 match ip address 180 set interface Tunnel0 ! route-map SDM_RMAP_1 permit 1 match ip address 101 ! ! ! control-plane ! ! line con 0 password @@@@@@ login line aux 0 line vty 0 4 password @@@@@@ login ! end