interface fa0/0 ip address 10.0.0.2 255.255.255.0 ip nat inside ip policy route-map vpn interface atm0/0/0.1 point-to-point ip address aaa.aaa.aaa.aaa 255.255.255.0 ip nat outside crypto map SDM_CMAP_1 interface fa0/1 ip address bbb.bbb.bbb.bbb 255.255.255.248 ip nat outside crypto map SDM_CMAP_1 ip route 0.0.0.0 0.0.0.0 atm0/0/0.1 10 name WAN1 track 100 ip route 0.0.0.0 0.0.0.0 fa0/1 20 name WAN2 track 200 ip route 4.2.2.1 255.255.255.255 atm0/0/0.1 ip route 4.2.2.2 255.255.255.255 fa0/1 ip route 10.10.10.0 255.255.255.0 fa0/1 permanent ip route 10.10.20.0 255.255.255.0 atm0/0/0.1 permanent ip route 192.168.0.0 255.255.255.0 10.0.0.1 permanent ip nat inside source route-map primary-wan interface atm0/0/0.1 overload ip nat inside source route-map secondary-wan interface fa0/1 overload route-map primary-wan permit 10 match ip address 110 set interface atm0/0/0.1 route-map secondary-wan permit 10 match ip address 110 set interface fa0/1 route-map vpn permit 10 match ip address 108 set interface fa0/1 route-map vpn permit 20 match ip address 109 set interface atm0/0/0.1 access-list 100 permit ip 10.0.0.0 0.0.0.255 10.10.10.0 0.0.0.255 access-list 100 permit ip 10.0.0.0 0.0.0.255 10.10.20.0 0.0.0.255 access-list 108 permit ip any 10.10.10.0 0.0.0.255 access-list 109 permit ip any 10.10.20.0 0.0.0.255 access-list 110 deny ip 10.0.0.0 0.0.0.255 10.10.10.0 0.0.0.255 ! no nat for vpn pool access-list 110 deny ip 10.0.0.0 0.0.0.255 10.10.20.0 0.0.0.255 ! no nat for vpn pool access-list 110 permit ip 10.0.0.0 0.0.0.255 any ip local pool myvpnippool_1 10.10.10.1 10.10.10.254 ! interface fa0/1 ip local pool myvpnippool_2 10.10.20.1 10.10.20.254 ! interface atm0/0/0.1 crypto isakmp policy 1 encryption aes 256 hash md5 authentication pre-share group 2 lifetime 14400 crypto isakmp policy 2 encryption 3des hash md5 authentication pre-share group 2 lifetime 14400 crypto isakmp nat keepalive 18 crypto isakmp client configuration group vpn-client-group_1 key @@@@ dns 192.168.0.2 192.168.0.3 domain mydomain.com pool myvpnippool_1 acl 100 crypto isakmp client configuration group vpn-client-group_2 key #### dns 192.168.0.2 192.168.0.3 domain mydomain.com pool myvpnippool_2 acl 100 crypto ipsec transform-set myset esp-3des esp-md5-hmac crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto dynamic-map SDM_DYNMAP_1 1 set transform-set myset reverse-route crypto map SDM_CMAP_1 client authentication list aaa-authenticated crypto map SDM_CMAP_1 isakmp authorization list aaa-authorized crypto map SDM_CMAP_1 client configuration address respond crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1 ip sla monitor 100 type echo protocol ipIcmpEcho 4.2.2.1 timeout 2000 threshold 2000 frequency 10 ip sla monitor schedule 100 life forever start-time now ip sla monitor 200 type echo protocol ipIcmpEcho 4.2.2.2 timeout 2000 threshold 2000 frequency 10 ip sla monitor schedule 200 life forever start-time now track 100 rtr 100 reachability delay up 5 down 5 track 200 rtr 200 reachability delay up 5 down 5