R1# R1#sh run Building configuration... Current configuration : 1496 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R1 ! boot-start-marker boot-end-marker ! ! no aaa new-model memory-size iomem 5 no ip icmp rate-limit unreachable ip cef ! ! ! ! no ip domain lookup ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! archive log config hidekeys ! ! crypto isakmp policy 10 hash md5 authentication pre-share crypto isakmp key vpnuser address 10.0.1.2 ! ! crypto ipsec transform-set myset esp-des esp-md5-hmac ! crypto map mymap 10 ipsec-isakmp set peer 10.0.1.2 set transform-set myset match address 100 ! ! ! ip tcp synwait-time 5 ! ! ! ! interface Loopback0 ip address 1.1.1.1 255.255.255.255 ! interface FastEthernet0/0 ip address 10.0.1.1 255.255.255.0 duplex auto speed auto crypto map mymap ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface FastEthernet1/0 no ip address shutdown duplex auto speed auto ! interface FastEthernet2/0 no ip address shutdown duplex auto speed auto ! ip forward-protocol nd ip route 2.0.0.0 255.0.0.0 10.0.1.2 ! ! no ip http server no ip http secure-server ! access-list 100 permit ip host 1.1.1.1 host 2.2.2.2 no cdp log mismatch duplex ! ! ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 login ! ! end R1# R1# R1# R1#ping 2.2.2.2 so lo0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds: Packet sent with a source address of 1.1.1.1 ..... Success rate is 0 percent (0/5) R1#ping 2.2.2.2 so lo0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds: Packet sent with a source address of 1.1.1.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 72/81/112 ms R1# R1# R1#sh cry isa sa IPv4 Crypto ISAKMP SA dst src state conn-id slot status 10.0.1.2 10.0.1.1 QM_IDLE 1001 0 ACTIVE IPv6 Crypto ISAKMP SA R1#sh cry ips sa interface: FastEthernet0/0 Crypto map tag: mymap, local addr 10.0.1.1 protected vrf: (none) local ident (addr/mask/prot/port): (1.1.1.1/255.255.255.255/0/0) remote ident (addr/mask/prot/port): (2.2.2.2/255.255.255.255/0/0) current_peer 10.0.1.2 port 500 PERMIT, flags={origin_is_acl,} #pkts encaps: 5, #pkts encrypt: 5, #pkts digest: 5 #pkts decaps: 5, #pkts decrypt: 5, #pkts verify: 5 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0 #pkts not decompressed: 0, #pkts decompress failed: 0 #send errors 5, #recv errors 0 local crypto endpt.: 10.0.1.1, remote crypto endpt.: 10.0.1.2 path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0 current outbound spi: 0xC5C4BF7C(3318005628) inbound esp sas: spi: 0x62AB1448(1655379016) transform: esp-des esp-md5-hmac , in use settings ={Tunnel, } conn id: 1, flow_id: SW:1, crypto map: mymap sa timing: remaining key lifetime (k/sec): (4521583/3587) IV size: 8 bytes replay detection support: Y Status: ACTIVE inbound ah sas: inbound pcp sas: outbound esp sas: spi: 0xC5C4BF7C(3318005628) transform: esp-des esp-md5-hmac , in use settings ={Tunnel, } conn id: 2, flow_id: SW:2, crypto map: mymap sa timing: remaining key lifetime (k/sec): (4521583/3587) IV size: 8 bytes replay detection support: Y Status: ACTIVE outbound ah sas: outbound pcp sas: R1# R1# R1#