!--- Include traffic in the encryption process.

access-list 110 permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0 

access-list 100 permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0

ip local pool test 192.168.1.1-192.168.1.25
nat (inside) 0 access-list 100
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto dynamic-map dynmap 30 set transform-set myset


crypto map newmap 10 ipsec-isakmp
crypto map newmap 10 match address 110

crypto map newmap 10 set transform-set myset

!--- Use the crypto-map sequence 20 command for PIX to VPN Client.

crypto map newmap 20 ipsec-isakmp dynamic dynmap
crypto map newmap interface outside
isakmp enable outside
isakmp key <presharekey> address 0.0.0.0 netmask 0.0.0.0 
   no-xauth no-config-mode
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5

!--- Internet Security Association and Key Management Protocol (ISAKMP) policy
!--- for a VPN Client running 3.x code and later needs to be Diffie-Hellman (DH)
!--- group 2 or above (group 1 is default).

isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

!--- IPSec group configuration for VPN Client.

vpngroup username address-pool test
vpngroup username idle-time 1800
vpngroup username password <presharekey>