Oct 14, 2019, 02:20 PM
1. Starting configurations for R1, ISP, and R3. Paste into global config mode:
hostname R1
interface g0/1
ip address 192.168.1.1 255.255.255.0
no shut
interface g0/0
ip address 209.165.100.1 255.255.255.0
no shut
exit
ip route 0.0.0.0 0.0.0.0 209.165.100.2

hostname ISP
interface g0/1
ip address 209.165.200.2 255.255.255.0
no shut
interface g0/0
ip address 209.165.100.2 255.255.255.0
no shut
exit

hostname R3
interface g0/1
ip address 192.168.3.1 255.255.255.0
no shut
interface g0/0
ip address 209.165.200.1 255.255.255.0
no shut
exit
ip route 0.0.0.0 0.0.0.0 209.165.200.2

2. Make sure routers have the security license enabled:
license boot module c1900 technology-package securityk9

3. Configure IPsec on the routers at each end of the tunnel (R1 and R3)
!R1
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 5
! Peer is R3's g0/0 address from step 1; the pre-shared key must be identical on both routers
crypto isakmp key secretkey address 209.165.200.1
crypto ipsec transform-set R1-R3 esp-aes 256 esp-sha-hmac
crypto map IPSEC-MAP 10 ipsec-isakmp
 set peer 209.165.200.1
 set pfs group5
 set security-association lifetime seconds 86400
 set transform-set R1-R3
 match address 100
! Apply the crypto map to the ISP-facing interface
interface GigabitEthernet0/0
 crypto map IPSEC-MAP
! Interesting traffic: R1 LAN to R3 LAN, written with wildcard (inverse) masks
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255

!R3
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 5
!
! Peer is R1's g0/0 address from step 1
crypto isakmp key secretkey address 209.165.100.1
!
crypto ipsec transform-set R3-R1 esp-aes 256 esp-sha-hmac
!
crypto map IPSEC-MAP 10 ipsec-isakmp
 set peer 209.165.100.1
 set pfs group5
 set security-association lifetime seconds 86400
 set transform-set R3-R1
 match address 100
!
! Apply the crypto map to the ISP-facing interface (g0/0), not the LAN side
interface GigabitEthernet0/0
 crypto map IPSEC-MAP
!
! Mirror of R1's access-list 100
access-list 100 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
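
A consistency check for the two tunnel ends in step 3, added here as an example and not part of the original paste: it verifies that each `set peer` is an address on the other router, that the crypto map sits on a different interface than the protected LAN, and that the two access-lists mirror each other. The function names and the `sample()` configs are constructed for illustration from the addressing in step 1, and the check assumes the protected networks are directly connected LANs.

```python
import ipaddress, re

def wildcard_net(addr, wc):  # IOS ACLs use wildcard (inverse) masks; invert to a netmask
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wc)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse(cfg):
    r, iface = {"ifaces": {}, "peers": [], "map_if": [], "acl": []}, None
    for line in map(str.strip, cfg.splitlines()):
        if m := re.fullmatch(r"interface (\S+)", line):
            iface = m[1]
        elif m := re.fullmatch(r"ip address (\S+) (\S+)", line):
            r["ifaces"][iface] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif m := re.fullmatch(r"set peer (\S+)", line):
            r["peers"].append(ipaddress.ip_address(m[1]))
        elif re.fullmatch(r"crypto map \S+", line):  # map applied to an interface
            r["map_if"].append(iface)
        elif m := re.fullmatch(r"access-list \d+ permit ip (\S+) (\S+) (\S+) (\S+)", line):
            r["acl"].append((wildcard_net(m[1], m[2]), wildcard_net(m[3], m[4])))
    return r

def check(name, local_cfg, remote_cfg):
    loc, rem, out = parse(local_cfg), parse(remote_cfg), []
    remote_ips = {i.ip for i in rem["ifaces"].values()}
    for p in loc["peers"]:
        if p not in remote_ips:
            out.append(f"{name}: peer {p} is not an interface address on the remote router")
    # Assumption: protected networks are LANs directly connected to the router.
    lans = {i.network for n, i in loc["ifaces"].items() if n not in loc["map_if"]}
    for src, dst in loc["acl"]:
        if src not in lans:
            out.append(f"{name}: ACL source {src} is not a LAN behind the crypto map interface")
        if (dst, src) not in rem["acl"]:
            out.append(f"{name}: ACL {src} -> {dst} has no mirror entry on the remote router")
    return out

def sample(lan, wan, map_if, peer, acl):  # constructed sample, not a full config
    return (f"interface g0/1\n ip address {lan} 255.255.255.0\n"
            f"interface g0/0\n ip address {wan} 255.255.255.0\n"
            f"interface {map_if}\n crypto map IPSEC-MAP\ncrypto map IPSEC-MAP 10 ipsec-isakmp\n"
            f" set peer {peer}\n match address 100\naccess-list 100 permit ip {acl}\n")

R1_OK = sample("192.168.1.1", "209.165.100.1", "g0/0", "209.165.200.1",
               "192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255")
R3_OK = sample("192.168.3.1", "209.165.200.1", "g0/0", "209.165.100.1",
               "192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255")
R3_BAD = sample("192.168.3.1", "209.165.200.1", "g0/1", "192.168.5.1",  # deliberate mistakes
                "192.168.3.0 255.255.255.255 192.168.1.0 255.255.255.255")
if __name__ == "__main__":
    print("\n".join(check("R3", R3_BAD, R1_OK)))
```

A wildcard of 255.255.255.255 inverts to a /0 netmask, so the ACL in `R3_BAD` selects all IP traffic rather than one /24, which the checker reports as both a non-LAN source and a missing mirror.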