Router#sho run Building configuration... Current configuration : 4820 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! logging buffered 51200 warnings ! aaa new-model ! ! aaa authentication login default local aaa authentication login sdm_vpn_xauth_ml_1 local aaa authorization exec default local aaa authorization network sdm_vpn_group_ml_1 local ! ! aaa session-id common ! crypto pki trustpoint TP-self-signed-3885639516 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3885639516 ! ! crypto pki certificate chain TP-self-signed-3885639516 certificate self-signed 01 30820248 308201B1 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 quit dot11 syslog ! ! ip cef ! ! ip domain name meogl.net ip name-server 172.20.0.4 ip name-server 4.2.2.2 ip name-server 41.9.4.1 ip name-server 8.8.8.8 ! multilink bundle-name authenticated ! ! username tomoooo privilege 15 secret 5 $1$pFZpe521 ! ! crypto isakmp policy 1 encr 3des authentication pre-share group 2 ! crypto isakmp client configuration group gas key gas1234. dns 172.20.0.4 172.16.0.4 pool SDM_POOL_1 acl 100 save-password max-logins 10 netmask 255.255.255.0 crypto isakmp profile sdm-ike-profile-1 match identity group gas client authentication list sdm_vpn_xauth_ml_1 isakmp authorization list sdm_vpn_group_ml_1 client configuration address respond virtual-template 1 ! ! crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac ! crypto ipsec profile SDM_Profile1 set transform-set ESP-3DES-SHA set isakmp-profile sdm-ike-profile-1 ! ! archive log config hidekeys ! ! ! ! ! interface BRI0 no ip address encapsulation hdlc ! interface FastEthernet0 ip address 4.6.8.13 255.255.255.252 ip nat outside ip virtual-reassembly duplex auto speed auto ! interface FastEthernet1 no ip address duplex auto speed auto ! interface FastEthernet2 switchport access vlan 100 ! interface FastEthernet3 switchport access vlan 200 ! interface FastEthernet4 ! interface FastEthernet5 ! interface FastEthernet6 ! interface FastEthernet7 ! interface FastEthernet8 ! interface FastEthernet9 ! interface Virtual-Template1 type tunnel ip unnumbered FastEthernet0 tunnel mode ipsec ipv4 tunnel protection ipsec profile SDM_Profile1 ! interface Vlan1 no ip address ! interface Vlan100 ip address 172.20.0.1 255.255.240.0 ip nat inside ip nat enable ip virtual-reassembly ! interface Vlan200 ip address 172.16.0.2 255.255.240.0 ip nat inside ip nat enable ip virtual-reassembly ! ip local pool SDM_POOL_1 192.168.1.1 192.168.1.100 ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 4.6.8.12 ! ! ip http server ip http authentication local ip http secure-server ip nat inside source route-map NAT interface FastEthernet0 overload ! access-list 100 permit ip 172.20.0.0 0.0.15.255 192.168.1.0 0.0.0.255 access-list 100 permit ip 172.16.0.0 0.0.15.255 192.168.1.0 0.0.0.255 access-list 101 deny ip 172.20.0.0 0.0.15.255 192.168.1.0 0.0.0.255 access-list 101 deny ip 172.16.0.0 0.0.15.255 192.168.1.0 0.0.0.255 access-list 101 permit ip 172.20.0.0 0.0.15.255 any access-list 101 permit ip 172.16.0.0 0.0.15.255 any ! ! ! route-map NAT permit 1 match ip address 101 ! ! ! ! control-plane ! ! line con 0 line aux 0 line vty 0 4 privilege level 15 transport input telnet ssh line vty 5 15 privilege level 15 transport input telnet ssh ! end Router#