I hope this isn't too much. For aninimity I replaced our public net with 192.168.50.0 and changed some other numbering, but this is accurate of what I'm running.

Building configuration...

!

version 12.2

!

crypto isakmp policy 10

hash md5

authentication pre-share

crypto isakmp key keyname address 208.120.60.254

crypto isakmp key keyname address 216.80.75.68

!

!

crypto ipsec transform-set ecset esp-des esp-md5-hmac

!

crypto map ecmap 10 ipsec-isakmp

set peer 208.120.60.254

set transform-set ecset

match address 105

crypto map ecmap 11 ipsec-isakmp

set peer 216.80.75.68

set transform-set ecset

match address 106

!

interface FastEthernet0/0

description connected to EthernetLAN

ip address 192.168.50.193 255.255.255.192

no keepalive

duplex auto

speed auto

!

interface BRI0/0

description connected to Internet

bandwidth 64000

no ip address

ip access-group 101 in

encapsulation ppp

dialer rotary-group 1

isdn switch-type basic-ni

fair-queue

no cdp enable

crypto map ecmap

ip nat outside

!

interface FastEthernet0/1

description connected to Private LAN

ip address 192.168.110.1 255.255.255.0

no keepalive

duplex auto

speed auto

ip nat inside

!

interface Dialer1

ip address negotiated

ip access-group 101 in

encapsulation ppp

no ip split-horizon

dialer in-band

dialer idle-timeout 2147483

dialer hold-queue 1

dialer load-threshold 1 outbound

dialer-group 1

fair-queue 64 256 0

no cdp enable

ppp authentication chap pap callin

ppp multilink

crypto map ecmap

ip nat outside

!

interface Dialer2

ip unnumbered FastEthernet0/0

encapsulation ppp

ip tcp header-compression passive

no ip mroute-cache

dialer in-band

dialer-group 1

peer default ip address pool Cisco2621-Group-2

no cdp enable

ppp authentication pap

!

ip nat pool ecnat 192.168.50.254 192.168.50.254 prefix-length 26

ip nat inside source list 122 pool ecnat overload

ip nat inside source route-map nonat interface Dialer1 overload

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

ip http server

ip http access-class 5

!

access-list 105 permit ip 192.168.50.192 0.0.0.63 208.120.60.224 0.0.0.31

access-list 105 deny ip 192.168.50.192 0.0.0.63 any

access-list 106 permit ip 192.168.50.192 0.0.0.63 host 216.80.75.68

access-list 106 permit ip 192.168.50.192 0.0.0.63 192.168.160.0 0.0.0.255

access-list 106 deny ip 192.168.50.192 0.0.0.63 any

access-list 122 deny ip 192.168.110.0 0.0.0.255 host 216.80.75.68

access-list 122 deny ip 192.168.110.0 0.0.0.255 208.120.60.224 0.0.0.31

access-list 122 permit ip 192.168.110.0 0.0.0.255 any

access-list 122 deny ip any any

route-map nonat permit 10

match ip address 122

!

end