hostname 1720-VPN-Router
!
ip subnet-zero
no ip source-route
no ip domain lookup
ip domain name customer.co.uk
ip audit notify log
ip audit po max-events 100
ip cef
!
!
!
!POLICY FOR INITIAL KEY EXCHANGE BETWEEN PEERS
crypto isakmp policy 10
 encr 3des
 hash sha
 authentication pre-share
 group 2
!
!
!BIND PRESHARED KEY TO REMOTE DESTINATION IP
crypto isakmp key <secret-pre-shared-key> address <IP_of_3005> no-xauth
!
!
!SELECT CRYPTO MECHANISM FOR THIS CONNECTION (AND ALL OTHERS THAT USE THIS TRANSFORM-SET)
crypto ipsec transform-set LAN-to-LAN esp-3des esp-md5-hmac
!
!
!BIND PEER, TFS AND ACCESS LIST TOGETHER
crypto map MAP 10 ipsec-isakmp 
 set peer <IP_of_3005>
 ! set security-association lifetime seconds 28800 !Needed for IOS to PIX only
 set transform-set LAN-to-LAN 
 match address IPSEC_VPN
!
!
interface Ethernet0
 description Outside network
 ip address <outside-addr> 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip mroute-cache
 !BIND MAP TO INTERFACE
 crypto map MAP
!
interface FastEthernet0
 description Inside network
 ip address <inside-addr> 255.255.255.0
 speed auto
!
!
!ACCESS-LIST, ONLY TRAFFIC DEFINED IN HERE IS SEND INTO THE VPN_TUNNEL
ip access-list extended IPSEC_VPN
 permit ip <local ip network> 0.0.0.255 <remote ip network> 0.0.0.255