SR-RTR1#show running-config 
Building configuration...

Current configuration : 3220 bytes
version 15.0
service sequence-numbers
!
hostname Cisco
!
!
no aaa new-model
!
!
no ipv6 cef
ip source-route
ip cef
!
ip domain name local
!
multilink bundle-name authenticated
!
!
redundancy
! 
!
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 14
 lifetime 180
crypto isakmp key password address 50.x.x.100
!
!
crypto ipsec transform-set aes-security esp-aes esp-sha-hmac 
no crypto ipsec nat-transparency udp-encaps
!
crypto map MAP 1 ipsec-isakmp 
 set peer 50.x.x.100
 set security-association level per-host
 set security-association lifetime seconds 2700
 set transform-set aes-security 
 set pfs group14
 match address ACL-VPN
!
!
!
!
!
interface GigabitEthernet0/0
 ip address 172.16.119.1 255.255.255.0
 ip access-group 112 in
 ip access-group 112 out
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 !
!
interface GigabitEthernet0/1
 ip address 25.x.x.200 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map MAP
 !
!
no ip forward-protocol nd
!
!
ip nat inside source list ACL-NAT interface GigabitEthernet0/1 overload

ip route 0.0.0.0 0.0.0.0 25.0.0.200
ip route 10.16.119.0 255.255.255.0 GigabitEthernet0/1
!
ip access-list extended ACL-NAT
 deny   ip 172.16.119.0 0.0.0.255 10.16.119.0 0.0.0.255
 permit ip 172.16.119.0 0.0.0.255 any
ip access-list extended ACL-VPN
 permit ip 172.16.119.0 0.0.0.255 10.16.119.0 0.0.0.255
!
access-list 112 permit ip any any
!
!
end