!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname lab2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$01Go$9RR1dm9CL3XHk1zyrwNnY0
enable password lab
!
no aaa new-model
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key my_key address 12.12.12.1
!
!
crypto ipsec transform-set my_vpn esp-3des esp-sha-hmac
!
crypto map my_vpn_map 1 ipsec-isakmp
set peer 12.12.12.1
set transform-set my_vpn
match address vpn_tunnel
!
!
!
!
interface FastEthernet0/0
ip address 192.168.21.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex half
speed auto
no mop enabled
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 12.12.12.2 255.255.255.252
ip access-group internet-in in
ip nat outside
ip virtual-reassembly
duplex half
speed auto
crypto map my_vpn_map
!
interface FastEthernet1/1
no ip address
shutdown
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 12.12.12.1
ip route 192.168.1.0 255.255.255.0 FastEthernet1/0
!
no ip http server
no ip http secure-server
!
ip nat inside source list for_nat interface FastEthernet1/0 overload
!
!
ip access-list extended for_nat
deny ip 192.168.21.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.21.0 0.0.0.255 any
ip access-list extended internet-in
permit udp host 12.12.12.1 host 12.12.12.2 eq non500-isakmp
permit udp host 12.12.12.1 host 12.12.12.2 eq isakmp
permit esp host 12.12.12.1 host 12.12.12.2
ip access-list extended vpn_tunnel
permit ip 192.168.21.0 0.0.0.255 192.168.1.0 0.0.0.255
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password lab2
login
!
!
end