test#show run
Building configuration...
Current configuration : 5296 bytes
!
! Global services, logging, clock, DHCP and SSH settings for the router
! named "test", followed by the self-signed PKI trustpoint. Lines that start
! with "! " and carry text are review notes; bare "!" lines are the original
! separators.
!
version 12.4
no service pad
! TCP keepalives on inbound and outbound sessions let the router clear
! half-open or orphaned management connections.
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! NOTE(review): this stores passwords as type 7, which is reversible
! obfuscation rather than encryption. It only stops shoulder-surfing; any
! type 7 string in a shared config should be treated as disclosed.
service password-encryption
service sequence-numbers
!
hostname test
!
boot-start-marker
boot-end-marker
!
! Logs go to a 51200-byte in-memory buffer at debugging level and the console
! shows critical and above. The buffer is lost on reload, and no
! "logging host" line is visible in this listing, so nothing appears to be
! kept off-box.
logging buffered 51200 debugging
logging console critical
! Type 5 (salted MD5) enable secret; the poster replaced the hash with the
! placeholder PWD.
enable secret 5 PWD
!
! AAA is off: logins are checked against the local username database only,
! with no central authentication or command accounting.
no aaa new-model
!
resource policy
!
! NOTE(review): the summer-time rule uses fixed dates in 2003 (the "date"
! form, not "recurring"), so it presumably no longer applies and log
! timestamps may be an hour off for part of the year. Check before
! correlating these logs with other sources.
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip subnet-zero
! Source-routed packets are dropped.
no ip source-route
no ip dhcp use vrf connected
! Only 172.16.0.100-172.16.0.200 is left for DHCP leases.
ip dhcp excluded-address 172.16.0.1 172.16.0.99
ip dhcp excluded-address 172.16.0.201 172.16.0.254
!
ip dhcp pool sdm-pool1
   import all
   network 172.16.0.0 255.255.255.0
   default-router 172.16.0.1
!
!
ip cef
ip tcp synwait-time 10
no ip bootp server
no ip domain lookup
ip domain name yourdomain.com
! SSH sessions get a 60-second negotiation timeout and 2 authentication
! retries.
! NOTE(review): no "ip ssh version 2" line is present, so SSHv1 may still be
! accepted; confirm with "show ip ssh".
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
! Self-signed trustpoint with revocation checking disabled. It is presumably
! the certificate presented by the HTTPS management server, so clients cannot
! validate it against a CA.
crypto pki trustpoint TP-self-signed-3832993506
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3832993506
 revocation-check none
 rsakeypair TP-self-signed-3832993506
!
!
! Certificate chain for the self-signed trustpoint, the local admin account,
! the IKE/IPsec settings for the site-to-site tunnel, and the four switch
! ports.
!
! NOTE(review): the DER below appears to carry an md5WithRSAEncryption
! signature OID (2A864886 F70D0101 04), a 1024-bit RSA modulus, and a
! validity of 2002-03-01 to 2020-01-01. All three are below current practice
! and the certificate is past its notAfter date. Regenerate it with a larger
! key on a release that signs with SHA-2, after setting the clock correctly.
crypto pki certificate chain TP-self-signed-3832993506
 certificate self-signed 01
  3082024B 308201B4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33383332 39393335 3036301E 170D3032 30333031 30303535
  32355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38333239
  39333530 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100B437 EB51FFA2 5B7CFCA7 9158AC2C 37651CC7 4B2E155E 5B19424A 49D2E721
  69C88581 7C90F2E7 8C84DC29 65F17E0C 133094D8 429BCC29 DE1B9C08 24908892
  8C7CC756 CF1E74CA 20438CB9 784CA83B A053D7E0 23B18C15 8584E08D DFCD26E8
  2B151C8E FED8F288 42F2E83A ED851B5F 03E2157D 306D7850 F511B11C 68AE1A8C
  619B0203 010001A3 73307130 0F060355 1D130101 FF040530 030101FF 301E0603
  551D1104 17301582 13746573 742E796F 7572646F 6D61696E 2E636F6D 301F0603
  551D2304 18301680 144CE952 16FA9E7E E356C850 2113982E D9DC7D37 C9301D06
  03551D0E 04160414 4CE95216 FA9E7EE3 56C85021 13982ED9 DC7D37C9 300D0609
  2A864886 F70D0101 04050003 81810042 84B2A2BA 8450C218 5F258863 E87D0FEE
  543DAF3C BE0F983A 3EF69A81 5696D387 1D14A766 8738E74B A1BE02FE D14AC5AF
  62D6DB90 ACFCB532 D6C052CD 02E14A0C CD8C7327 6AFB519E 24EDF78E 29D4D325
  42123002 7345A0DB F0562887 A593AED9 B9036C6C 7B825872 A7B62FB4 EF6DB3D7
  B2F899BF DFB7B76A 725BC7A8 45E2BD
  quit
! Local privilege-15 account stored as a type 5 (salted MD5) hash.
! NOTE(review): the hash is posted unredacted, so the password is open to
! offline guessing. Change the password, and replace the hash with a
! placeholder whenever a config is shared.
username admin privilege 15 secret 5 $1$DpL9$4jqrr.5lcxzmiEW7qPzF0.
!
!
!
! IKE phase 1: 3DES, pre-shared-key authentication, Diffie-Hellman group 2.
! No "hash" line is given, so the platform default applies.
! NOTE(review): 3DES and group 2 (1024-bit MODP) are legacy choices. Move both
! peers to AES and a larger DH group where the image supports them.
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
! NOTE(review): the pre-shared key sits in the config in clear text and is
! visible in this listing. Treat it as disclosed and rotate it on both peers.
crypto isakmp key semipofo address IPADDRESSMAINSITE
!
!
! IPsec phase 2: ESP with 3DES encryption and SHA-1 HMAC integrity.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
! The crypto map ties the peer, the transform set and the traffic selector
! (access-list 100) together. IPADDRESSMAINSITE is the poster's placeholder
! for the real peer address.
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel toIPADDRESSMAINSITE
 set peer IPADDRESSMAINSITE
 set transform-set ESP-3DES-SHA
 match address 100
!
!
!
! Switch ports FastEthernet0-3 carry no explicit configuration and so run
! with platform defaults. Unused ports are not shut down.
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
! WAN, LAN and dialer interfaces, routing, HTTP management, NAT, ACLs and the
! login banner.
!
! Physical WAN port. It has no IP address of its own and carries the PPPoE
! session bound to dialer pool 1. ICMP redirects, unreachables and proxy ARP
! are turned off.
interface FastEthernet4
 description $ES_WAN$$FW_OUTSIDE$
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
! LAN gateway 172.16.0.1/24 and the NAT inside interface. TCP MSS is clamped
! to 1412 to fit the reduced MTU on the PPPoE link.
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 172.16.0.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1412
!
! Internet-facing logical interface: negotiated address, NAT outside, and the
! IPsec crypto map.
! NOTE(review): no "ip access-group" or inspection rule is applied here, even
! though the physical port is labelled FW_OUTSIDE. Nothing in this listing
! filters inbound traffic to the router itself, so its Telnet, SSH, HTTP and
! HTTPS services would be reachable from the Internet. Add an inbound ACL
! that permits only the IPsec peer and required return traffic.
! NOTE(review): the CHAP and PAP passwords are type 7 (reversible) and are
! posted here with the account name. Treat the ISP credentials as disclosed
! and have them changed. PAP is also offered, and it sends the password to
! the peer unencrypted.
interface Dialer0
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname b1jefh96
 ppp chap password 7 094E1602170943245E
 ppp pap sent-username b1jefh96 password 7 121B5D1C1C0758327F
 crypto map SDM_CMAP_1
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
! Web management over HTTP and HTTPS, authenticated against the local user
! database.
! NOTE(review): "ip http server" exposes the admin login over clear-text HTTP,
! and no "ip http access-class" restricts who may connect. Prefer HTTPS only,
! limited to management addresses. A session may live for up to 86400 seconds.
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
! PAT to the Dialer0 address for traffic that route-map SDM_RMAP_1
! (access-list 101) matches.
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
! The syslog severity is set to debugging, but no "logging host" is visible,
! so this line has no effect until a collector is configured.
logging trap debugging
! access-list 1 matches the LAN subnet. Nothing in this listing references it.
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 172.16.0.0 0.0.0.255
! access-list 100 is the crypto map's traffic selector: LAN 172.16.0.0/24 to
! remote 192.168.0.0/24.
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 172.16.0.0 0.0.0.255 192.168.0.0 0.0.0.255
! access-list 101 drives NAT. Its deny line exempts tunnel-bound traffic from
! translation so that it still matches access-list 100; everything else from
! the LAN is translated.
access-list 101 remark SDM_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip 172.16.0.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 172.16.0.0 0.0.0.255 any
! Any IP packet counts as interesting traffic for the dialer.
dialer-list 1 protocol ip permit
! CDP is disabled globally, so the router does not advertise its platform
! details to neighbours.
no cdp run
route-map SDM_RMAP_1 permit 1
 match ip address 101
!
!
control-plane
!
banner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C
!
! Terminal lines and scheduler settings. Console, aux and vty logins all use
! the local username database.
!
! Console and aux may open outbound Telnet sessions only.
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
! NOTE(review): the vty lines accept Telnet as well as SSH, so admin
! credentials can cross the network unencrypted. Sessions land at privilege 15
! at login, and no "access-class" limits the source addresses. Verify that SSH
! works, then restrict to "transport input ssh" and bind an access-class for
! the management hosts. No "exec-timeout" is set, so the platform default
! idle timeout applies.
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end