!This is the running config of the router: 192.168.2.1
!----------------------------------------------------------------------------
!version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 xxxx
!
username admin privilege 15 secret 5 xxxx
no aaa new-model
ip subnet-zero
!
!
ip name-server 131.170.1.1
ip audit notify log
ip audit po max-events 100
ip ssh break-string
no ftp-server write-enable
no scripting tcl init
no scripting tcl encdir
!
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key xxxx address xxx.62.159.99
!
!
crypto ipsec transform-set gtoffice esp-3des esp-md5-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to xxx.62.159.99
 set peer xxx.62.159.99
 set transform-set gtoffice
 match address 100
!
!
!
!
interface Ethernet0
 description $ETH-LAN$
 ip address 192.168.2.1 255.255.255.0
 ip access-group 102 in
 ip nat inside
 ip tcp adjust-mss 1412
 hold-queue 100 out
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 pvc 8/35
  oam-pvc manage
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface Dialer0
 ip address negotiated
 ip mtu 1452
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname xxxx
 ppp chap password 0 xxxx
 ppp pap sent-username xxxx password 0 xxxx
 crypto map SDM_CMAP_1
!
ip nat inside source static tcp 192.168.2.24 3389 interface Dialer0 3389
ip nat inside source static tcp 192.168.2.23 1723 interface Dialer0 1723
ip nat inside source static tcp 192.168.2.23 443 interface Dialer0 443
ip nat inside source static tcp 192.168.2.23 80 interface Dialer0 80
ip nat inside source static udp 192.168.2.23 53 interface Dialer0 53
ip nat inside source static tcp 192.168.2.23 53 interface Dialer0 53
ip nat inside source static tcp 192.168.2.23 25 interface Dialer0 25
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
ip http access-class 2
no ip http secure-server
!
!
access-list 1 remark INSIDE_IF=Ethernet0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 2 remark Auto generated by SDM Management Access feature
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.2.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 remark SDM_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
access-list 102 remark Auto generated by SDM Management Access feature
access-list 102 remark SDM_ACL Category=1
access-list 102 permit tcp 192.168.2.0 0.0.0.255 host 192.168.2.1 eq telnet
access-list 102 permit tcp 192.168.2.0 0.0.0.255 host 192.168.2.1 eq 22
access-list 102 permit tcp 192.168.2.0 0.0.0.255 host 192.168.2.1 eq www
access-list 102 permit tcp 192.168.2.0 0.0.0.255 host 192.168.2.1 eq 443
access-list 102 permit tcp 192.168.2.0 0.0.0.255 host 192.168.2.1 eq cmd
access-list 102 permit udp 192.168.2.0 0.0.0.255 host 192.168.2.1 eq snmp
access-list 102 deny tcp any host 192.168.2.1 eq telnet
access-list 102 deny tcp any host 192.168.2.1 eq 22
access-list 102 deny tcp any host 192.168.2.1 eq www
access-list 102 deny tcp any host 192.168.2.1 eq 443
access-list 102 deny tcp any host 192.168.2.1 eq cmd
access-list 102 deny udp any host 192.168.2.1 eq snmp
access-list 102 permit ip any any
access-list 103 remark Auto generated by SDM Management Access feature
access-list 103 remark SDM_ACL Category=1
access-list 103 permit ip 192.168.2.0 0.0.0.255 any
dialer-list 1 protocol ip permit
route-map SDM_RMAP_1 permit 1
 match ip address 101
!
!
control-plane
!
!
line con 0
 no modem enable
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 access-class 103 in
 privilege level 15
 login local
 transport preferred all
 transport input telnet ssh
 transport output all
!
scheduler max-task-time 5000
!
end