crypto isakmp key TEST-IPSEC address XX.XX.XX.XX
crypto isakmp policy 20
encr aes 256
authentication pre-share
group 5
lifetime 28800
crypto ipsec transform-set AES256-SHA esp-aes 256 esp-sha-hmac
crypto map PI-IPSEC 1 ipsec-isakmp
description **TEST-IPSEC**
set peer XX.XX.XX.XX
set transform-set AES256-SHA
match address TEST-IPSEC
set security-association lifetime seconds 28800
ip access-list extended TEST-IPSEC
! (after NAT)
permit ip host <NAT-IP> host 10.4.0.7
interface Loopback3
description **for IPSEC-PI**
ip address YY.YY.YY.YY 255.255.255.255
ip nat outside
ip policy route-map REROUTE
crypto map PI-IPSEC
------NAT-------
ip access-list extended XXXX
permit ip host 192.168.10.13 host 10.4.0.7
route-map XXXX permit 10
match ip address XXXX
ip nat inside source static 192.168.10.13 <NAT-IP> route-map XXXX extendable
------Reroute------
ip access-list extended REROUTE
! (before NAT)
permit ip host 192.168.10.13 host 10.4.0.7
route-map REROUTE permit 6
description **for IPSEC-PI**
match ip address REROUTE
set default interface Loopback3
ip local policy route-map REROUTE