service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
clock timezone EST 0
ip subnet-zero
no ip domain lookup
!
crypto isakmp policy 10
authentication pre-share
crypto isakmp key ciscokey address 100.1.1.1
!
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto map myvpn 10 ipsec-isakmp
set peer 100.1.1.1
set transform-set myset
!--- Include the private-network-to-private-network traffic
!--- in the encryption process:
match address 101
!
!
!
interface FastEthernet4
ip address 200.1.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan1
ip address 10.1.1.1 255.255.255.0
ip nat outside
ip virtual-reassembly
crypto map myvpn
!
!
ip classless
ip route 0.0.0.0 0.0.0.0 200.1.1.254
!
no ip http server
no ip http secure-server
!
!--- Except the private network from the NAT process:
ip nat inside source list 122 interface FastEthernet4 overload
!--- Except the static-NAT traffic from the NAT process if destined
!--- over the encrypted tunnel:
ip nat inside source static 10.1.1.3 200.1.1.25 route-map nonat
!
access-list 101 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
!--- Except the private network from the NAT process:
access-list 122 deny ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 122 permit ip 10.1.1.0 0.0.0.255 any
!--- Except the static-NAT traffic from the NAT process if destined
!--- over the encrypted tunnel:
access-list 150 deny ip host 10.1.1.3 172.16.1.0 0.0.0.255
access-list 150 permit ip host 10.1.1.3 any
!
route-map nonat permit 10
match ip address 150
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
login
!
end