crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key key address 45.x.x.x
!
!
crypto ipsec transform-set TUN esp-3des esp-md5-hmac
!
!
!
!
crypto map vpn-to-hq 10 ipsec-isakmp
 set peer 45.x.x.x
 set transform-set TUN
 match address VPN-TRAFFIC
!
!
!
!
!
interface GigabitEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
 !
!
interface GigabitEthernet0/1
 ip address 10.10.1.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
 !
!
interface GigabitEthernet0/2
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map vpn-to-hq
 !
!
!
router eigrp 1
 network 10.10.0.0 0.0.255.255
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 100 interface GigabitEthernet0/2 overload
ip route 0.0.0.0 0.0.0.0 10.213.100.1
!
ip access-list extended VPN-TRAFFIC
 permit ip 10.10.0.0 0.0.255.255 192.168.0.0 0.0.255.255
!
access-list 100 remark ::NAT::
access-list 100 deny   ip 10.10.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 100 permit ip 10.10.0.0 0.0.255.255 any
access-list 100 remark
!