!This is the running config of the router: 10.0.0.10
!----------------------------------------------------------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$MuRk$TOTm4G4.nx245YZc9O./Q0
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
!
resource policy
!
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
ip subnet-zero
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.39
!
ip dhcp pool sdm-pool1
 import all
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.30
!
!
ip tcp synwait-time 10
no ip bootp server
no ip domain lookup
ip domain name yourdomain.com
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-2288690633
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2288690633
 revocation-check none
 rsakeypair TP-self-signed-2288690633
!
!
crypto pki certificate chain TP-self-signed-2288690633
 certificate self-signed 01
  quit
username ************ privilege 15 secret 5 $1$zJgR$YqSLSKqUK/pitp6SQDGne0
!
!
!
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
crypto isakmp key thesecretkey address 10.0.0.2
crypto isakmp aggressive-mode disable
!
!
crypto ipsec transform-set ESP-AES128-SHA1 esp-aes esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to10.0.0.2
 set peer 10.0.0.2
 set transform-set ESP-AES128-SHA1
 match address 100
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $FW_OUTSIDE$$ES_WAN$$ETH-WAN$
 ip address 10.0.0.10 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
 crypto map SDM_CMAP_1
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 10.10.10.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 ip tcp adjust-mss 1452
!
ip local pool SDM_POOL_1 10.0.0.20 10.0.0.30
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
logging trap debugging
logging 10.0.0.4
logging 10.0.0.3
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip host 10.0.0.10 host 10.0.0.2
no cdp run
!
!
control-plane
!
banner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 no modem enable
 transport output telnet
line aux 0
 transport output telnet
line vty 0 4
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end