p7router1#sh run
Building configuration...
!
track 8 ip sla 1 reachability
!
crypto isakmp policy 14
 encr aes 256
 authentication pre-share
 group 14
crypto isakmp key [password] address 198.198.4.38
!
!
crypto ipsec transform-set TransformSet esp-aes 256 esp-sha-hmac
 mode tunnel
!
!
crypto map VPN 14 ipsec-isakmp
 set peer 198.198.4.38
 set security-association lifetime seconds 28800
 set transform-set TransformSet
 match address VPN_ACL
!
!
!
interface GigabitEthernet0/0/0
 description Internet
 ip address 38.38.38.98 255.255.255.248
 ip nat outside
 negotiation auto
 crypto map VPN
!
interface GigabitEthernet0/1/2
 description server1
 switchport trunk allowed vlan 10
 switchport mode trunk
!
interface Vlan10
 description Server
 ip address 10.10.10.10 255.255.255.0
 ip helper-address 10.10.10.100
 ip nat inside
!
ip nat inside source static tcp 10.10.10.50 30001 38.38.38.98 30001 extendable
ip nat inside source route-map ISP interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 38.38.38.97 track 8
ip route 0.0.0.0 0.0.0.0 23.23.23.70 10
!
ip access-list extended LAN_NAT_POLICY
 deny ip 10.10.0.0 0.0.255.255 10.10.0.0 0.0.255.255
 deny ip 10.10.0.0 0.0.255.255 host 198.198.4.50
 deny ip 10.10.0.0 0.0.255.255 host 198.198.4.51
 deny ip 10.10.0.0 0.0.255.255 host 198.198.4.52
 deny ip 10.10.0.0 0.0.255.255 host 198.198.4.53
 deny ip host 198.198.4.50 10.10.0.0 0.0.255.255
 deny ip host 198.198.4.51 10.10.0.0 0.0.255.255
 deny ip host 198.198.4.52 10.10.0.0 0.0.255.255
 deny ip host 198.198.4.53 10.10.0.0 0.0.255.255
 permit ip 10.10.0.0 0.0.255.255 any
ip access-list extended VPN_ACL
 permit ip 10.10.10.0 0.0.0.255 host 198.198.4.50
 permit ip 10.10.10.0 0.0.0.255 host 198.198.4.51
 permit ip 10.10.10.0 0.0.0.255 host 198.198.4.52
 permit ip 10.10.10.0 0.0.0.255 host 198.198.4.53
 permit ip host 198.198.4.50 10.10.10.0 0.0.0.255
 permit ip host 198.198.4.51 10.10.10.0 0.0.0.255
 permit ip host 198.198.4.52 10.10.10.0 0.0.0.255
 permit ip host 198.198.4.53 10.10.10.0 0.0.0.255
!
!
ip sla 1
 icmp-echo 38.38.38.97 source-ip 38.38.38.98
ip sla schedule 1 life forever start-time now
!
!
route-map ISP permit 10
 match ip address LAN_NAT_POLICY
 match interface GigabitEthernet0/0/0
!