· 7 years ago · Oct 02, 2018, 03:14 PM
1crypto isakmp policy 20
2 encr aes 256
3 authentication pre-share
4 group 2
5crypto isakmp key SECRETKEY address 8.8.8.8
6!
7crypto ipsec transform-set TRANSFORM esp-aes esp-sha-hmac
8!
9crypto map VPN 10 ipsec-isakmp
10 set peer 8.8.8.8
11 set transform-set TRANSFORM
12 match address 150
13!
14interface GigabitEthernet0/0
15ip address 192.168.1.1 255.255.255.0
16 ip nat inside
17!
18interface GigabitEthernet0/1
19 ip address 1.1.1.1 255.255.255.248
20 ip nat outside
21crypto map VPN
22!
23ip nat pool nimblepool 192.168.11.1 192.168.11.254 netmask 255.255.255.0 type match-host
24ip nat inside source route-map animblevpn pool nimblepool reversible
25ip nat inside source route-map comcast interface GigabitEthernet0/1 overload
26ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 1.1.1.2
27!
28access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.200.0 0.0.3.255
29access-list 101 deny icmp 192.168.1.0 0.0.0.255 192.168.200.0 0.0.3.255
30access-list 101 permit ip 192.168.1.0 0.0.0.255 any
31access-list 102 permit ip 192.168.1.0 0.0.0.255 192.168.200.0 0.0.3.255
32access-list 102 permit icmp 192.168.1.0 0.0.0.255 192.168.200.0 0.0.3.255
33access-list 150 permit ip 192.168.11.0 0.0.0.255 192.168.200.0 0.0.3.255
34access-list 150 permit icmp 192.168.11.0 0.0.0.255 192.168.200.0 0.0.3.255
35!
36
37route-map animblevpn permit 2
38 match ip address 102
39!
40route-map comcast permit 10
41 match ip address 101
42 match interface GigabitEthernet0/1