This is the running config of the router: 192.168.0.230
----------------------------------------------------------------------------
! Global section: services, logging, the enable secret, clock, DNS, SSH
! timers and the self-signed PKI trustpoint.
! NOTE(review): "!version" is fused as posted; presumably a "!" separator
! followed by "version 12.4" on the device.
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! service password-encryption only obfuscates passwords stored in the
! reversible type 7 form. The secrets in this config are type 5, and the
! ISAKMP pre-shared keys further down still appear in cleartext.
service password-encryption
service sequence-numbers
!
hostname MTLROUTER
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
! NOTE(review): this type 5 (salted MD5) enable-secret hash is published
! together with the hostname and addressing. Treat the enable password as
! exposed and rotate it; strip hashes before sharing a config.
enable secret 5 $1$Q10a$zbXzCoIPxEd5mxYOWqGJf.
!
! AAA is off, so logins rely on the local username database ("login local"
! on the lines, "ip http authentication local" for the web UI).
no aaa new-model
!
resource policy
!
clock timezone PCTime -5
! The summer-time rule is a fixed 2003 date range, not a recurring rule, so
! log timestamps (localtime) will not follow DST in later years.
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip subnet-zero
no ip source-route
!
!
ip cef
ip tcp synwait-time 10
no ip bootp server
! NOTE(review): "chezcora.com.com" has a doubled ".com" - looks like a typo;
! confirm. The domain name also feeds the router's FQDN.
ip domain name chezcora.com.com
! IPSDNS1 / IPSDNS2 look like placeholders substituted by the poster.
ip name-server IPSDNS1
ip name-server IPSDNS2
! NOTE(review): no "ip ssh version 2" line appears in this posted config;
! confirm which SSH protocol versions the router accepts.
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
! Self-signed trustpoint with revocation checking disabled. The certificate
! chain that follows in this config belongs to it.
crypto pki trustpoint TP-self-signed-2256068025
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2256068025
 revocation-check none
 rsakeypair TP-self-signed-2256068025
!
!
! Self-signed certificate for the trustpoint, the local admin account, and
! the IKE phase 1 (ISAKMP) policy and pre-shared keys.
! NOTE(review): decoding the DER below gives an md5WithRSAEncryption
! signature, a 1024-bit RSA key, a validity window of 27 Mar 2008 to
! 1 Jan 2020, and a subjectAltName of "yourname.yourdomain.com". Confirm on
! the device; if accurate, regenerate the key pair and certificate with a
! larger modulus before relying on it.
crypto pki certificate chain TP-self-signed-2256068025
 certificate self-signed 01
  3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32323536 30363830 3235301E 170D3038 30333237 32323337
  32345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 32353630
  36383032 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100C2E1 9893EC3E 5F486360 41D8DCA4 4FDA2F08 126F2D9E EFE8D39B 54A57EFE
  AEF02691 D71FCCF6 C5F7C887 8D3C15AB 4EC9D31F 7E2F8F82 30D3BC2B 4A496F3B
  C5248D7B AAA035F2 032DB242 40888668 95A56310 2B0AFF45 7C2F38CF 7DFFAAF3
  A7485B60 66075DAB 44CAF72C 5411321C 169C52D9 91ED8CF9 A3050EFA 48A32FDC
  69AD0203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
  551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
  301F0603 551D2304 18301680 141B3173 53FDA609 027DFDF8 61578DA5 6F4A773C
  49301D06 03551D0E 04160414 1B317353 FDA60902 7DFDF861 578DA56F 4A773C49
  300D0609 2A864886 F70D0101 04050003 8181008E 092000CB 84D293D9 790AC82C
  C4374C8C DF9A877B B86CE001 0852823D 84F78A0C C8113E8B 8384DEC3 C388E5C9
  8F0C2017 84D26864 1B9A5E2D 6210F2FB DA4210BF 171B7B11 24A3BA6E F2BD2EF5
  68675B0B 08B44AE7 B4105263 55E3A687 9D550067 6EE4B730 77700A98 1DA3813E
  A5FC133B 1D0CEFB3 977EEC47 2E779140 2F336F
  quit
! The hash for this privilege 15 account is absent as posted (apparently
! removed by the poster), whereas the enable secret hash earlier in this
! config was left in.
username admin privilege 15 secret 5
!
!
!
! IKE phase 1 policy: 3DES, pre-shared-key authentication, DH group 2. No
! hash or lifetime is set here, so the platform defaults apply.
! NOTE(review): 3DES and group 2 are legacy choices; move to AES and a
! larger DH group if the IOS image and every peer support them.
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
! NOTE(review): the same pre-shared key is used for every peer and is shown
! in cleartext, so it should be treated as disclosed and rotated. The
! "0.0.0.0 0.0.0.0" entry accepts that key from any source address, which
! makes the two per-peer entries redundant and leaves the key as the only
! barrier for IKE phase 1. Prefer distinct per-peer keys and drop the
! wildcard entry if the remote ends have known addresses; "password
! encryption aes" with "key config-key password-encrypt" keeps keys out of
! plaintext config listings.
crypto isakmp key semipofo address 64.76.45.23
crypto isakmp key semipofo address 65.92.16.187
crypto isakmp key semipofo address 0.0.0.0 0.0.0.0
!
!
! IPsec phase 2 settings, the interfaces, the default route, the HTTP(S)
! management server and the NAT overload rule.
! Five transform sets with identical contents (ESP 3DES + SHA HMAC). Only
! ESP-3DES-SHA4 is referenced, by the dynamic map below; the other four are
! unused in this posted config.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA4 esp-3des esp-sha-hmac
!
! Dynamic map: no "set peer", so the remote address is not pinned here. The
! protected traffic is defined by ACL 105 (192.168.0.0/24 -> 172.16.0.0/16).
crypto dynamic-map SDM_DYNMAP_1 1
 set transform-set ESP-3DES-SHA4
 match address 105
!
!
! The crypto map has a single entry, the dynamic one. No static entries for
! the two peers named in the ISAKMP key lines exist in this config.
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
! WAN / outside interface. PUBLIC_IP is a placeholder put in by the poster.
! NOTE(review): although the description tags this as FW_OUTSIDE, no inbound
! "ip access-group" or "ip inspect" appears on it in this posted config, so
! the router's own services (telnet, SSH, HTTP, HTTPS, IKE) are reachable
! from the WAN side unless they are filtered somewhere not shown.
interface FastEthernet4
 description $ES_WAN$$FW_OUTSIDE$
 ip address PUBLIC_IP 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 crypto map SDM_CMAP_1
!
! LAN / inside interface (switch ports via Vlan1).
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.0.230 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
ip classless
! NOTE(review): the next hop uses the same PUBLIC_IP placeholder as the
! FastEthernet4 address, so the real gateway cannot be determined from this
! post; confirm it is the upstream router and not the interface's own address.
ip route 0.0.0.0 0.0.0.0 PUBLIC_IP
!
! NOTE(review): "ip http server" enables cleartext HTTP management next to
! HTTPS, and no "ip http access-class" restricts who may connect. With local
! authentication, credentials sent over HTTP are exposed on the wire; keep
! only "ip http secure-server" unless plain HTTP is required.
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
! PAT for inside hosts. Route-map SDM_RMAP_1 (ACL 103) exempts traffic to
! 172.16.0.0/16 from translation.
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
!
! Syslog level, access lists, the NAT route-map, the login banner and the
! console/aux/vty line settings.
! NOTE(review): a trap level is set, but no remote syslog destination appears
! in this posted config. As shown, logs live only in the local buffer and are
! lost on reload; confirm whether a collector is configured.
logging trap debugging
! ACL 1: inside LAN. Not referenced anywhere in this posted config.
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
! ACLs 100, 101, 102 and 104 are not referenced by any crypto map, interface
! or route-map in this posted config; 101 and 104 are identical.
access-list 100 remark SDM_ACL Category=4
access-list 100 permit gre host PUBLIC_IP host 64.76.45.23
access-list 101 remark SDM_ACL Category=4
access-list 101 permit gre host 192.168.0.230 host 65.92.16.187
! NOTE(review): 74.13.250.24 with wildcard 0.0.0.7 is a /29, the same size as
! the mask on FastEthernet4, so the PUBLIC_IP placeholder may not fully hide
! the WAN subnet - confirm before sharing.
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 74.13.250.24 0.0.0.7 172.16.0.0 0.0.255.255
! ACL 103: used by route-map SDM_RMAP_1. The deny entries keep VPN-bound
! traffic out of NAT; everything else from the LAN is translated.
access-list 103 remark SDM_ACL Category=2
access-list 103 remark IPSec Rule
access-list 103 deny ip 192.168.0.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 103 remark IPSec Rule
access-list 103 deny ip 74.13.250.24 0.0.0.7 172.16.0.0 0.0.255.255
access-list 103 permit ip 192.168.0.0 0.0.0.255 any
access-list 104 remark SDM_ACL Category=4
access-list 104 permit gre host 192.168.0.230 host 65.92.16.187
! ACL 105: the IPsec interesting-traffic ACL referenced by the dynamic map
! ("match address 105").
access-list 105 remark SDM_ACL Category=4
access-list 105 remark IPSec Rule
access-list 105 permit ip 192.168.0.0 0.0.0.255 172.16.0.0 0.0.255.255
no cdp run
route-map SDM_RMAP_1 permit 1
 match ip address 103
!
!
control-plane
!
banner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C
!
! Console and aux authenticate against the local user database. Outbound
! sessions from these lines are limited to telnet.
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
! NOTE(review): the vty lines accept telnet as well as SSH, place every
! session directly at privilege level 15, and have no "access-class" limiting
! source addresses. Telnet sends the login in cleartext. Consider
! "transport input ssh" and an inbound access-class restricted to management
! hosts.
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end