R222#term len 0
R222#show run
Building configuration...

Current configuration : 2285 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R222
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip flow-cache timeout active 1
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username cisco password 0 cisco
!
!
ip tcp synwait-time 5
!
class-map match-any VOIP_DSCP_SET
 match access-group name VOIP_ACL
!
!
policy-map SET_DSCP
 class VOIP_DSCP_SET
  set dscp ef
!
!
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key firewall.cx address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set TS esp-3des esp-md5-hmac
!
crypto ipsec profile protect-gre
 set security-association lifetime seconds 86400
 set transform-set TS
!
!
!
!
!
interface Tunnel0
 description mGRE-DMVPN Tunnel
 ip address 172.16.0.1 255.255.255.0
 no ip redirects
 ip nhrp authentication firewall
 ip nhrp map multicast dynamic
 ip nhrp network-id 1
 tunnel source 150.50.5.2
 tunnel mode gre multipoint
 tunnel protection ipsec profile protect-gre
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description WAN-Network
 ip address 150.50.5.2 255.255.255.0
 ip flow ingress
 ip flow egress
 ip nbar protocol-discovery
 speed auto
 full-duplex
!
interface Ethernet1/0
 description LAN-Network
 no ip address
 shutdown
 half-duplex
!
interface Ethernet1/1
 no ip address
 shutdown
 half-duplex
!
interface Ethernet1/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet1/3
 no ip address
 shutdown
 half-duplex
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
no ip http server
no ip http secure-server
ip flow-export source FastEthernet0/1
ip flow-export version 9
ip flow-export destination 10.1.1.2 2055
!
!
!
!
ip access-list extended VOIP_ACL
 permit tcp any eq 1720 any
snmp-server community mynet RW
snmp-server ifindex persist
snmp-server chassis-id 2
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 password cisco
 login local
!
!
end

R222#show cryp ipse
R222#show cryp ipsec en
R222#show cryp ipsec eng
R222#show cryp ipsec ?
  client                Show Client Status
  policy                Show IPSEC client policies
  profile               Show ipsec profile information
  sa                    IPSEC SA table
  security-association  Show parameters for IPSec security associations
  transform-set         Crypto transform sets

R222#show cryp ipsec sa detai
R222#show cryp ipsec sa detail

interface: Tunnel0
    Crypto map tag: Tunnel0-head-0, local addr 150.50.5.2

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (150.50.5.2/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (160.60.6.2/255.255.255.255/47/0)
   current_peer 160.60.6.2 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 302, #pkts encrypt: 302, #pkts digest: 302
    #pkts decaps: 301, #pkts decrypt: 301, #pkts verify: 301
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #pkts no sa (send) 0, #pkts invalid sa (rcv) 0
    #pkts encaps failed (send) 0, #pkts decaps failed (rcv) 0
    #pkts invalid prot (recv) 0, #pkts verify failed: 0
    #pkts invalid identity (recv) 0, #pkts invalid len (rcv) 0
    #pkts replay rollover (send): 0, #pkts replay rollover (rcv) 0
    ##pkts replay failed (rcv): 0
    #pkts internal err (send): 0, #pkts internal err (recv) 0

     local crypto endpt.: 150.50.5.2, remote crypto endpt.: 160.60.6.2
     path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/1
     current outbound spi: 0x94669A32(2489752114)

     inbound esp sas:
      spi: 0xAEA73A38(2930195000)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel, }
        conn id: 2002, flow_id: SW:2, crypto map: Tunnel0-head-0
        sa timing: remaining key lifetime (k/sec): (4474780/83579)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0x94669A32(2489752114)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel, }
        conn id: 2001, flow_id: SW:1, crypto map: Tunnel0-head-0
        sa timing: remaining key lifetime (k/sec): (4474780/83579)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE

     outbound ah sas:

     outbound pcp sas:

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (150.50.5.2/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (130.30.3.2/255.255.255.255/47/0)
   current_peer 130.30.3.2 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 381, #pkts encrypt: 381, #pkts digest: 381
    #pkts decaps: 9, #pkts decrypt: 9, #pkts verify: 9
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #pkts no sa (send) 7, #pkts invalid sa (rcv) 0
    #pkts encaps failed (send) 0, #pkts decaps failed (rcv) 0
    #pkts invalid prot (recv) 0, #pkts verify failed: 0
    #pkts invalid identity (recv) 0, #pkts invalid len (rcv) 0
    #pkts replay rollover (send): 0, #pkts replay rollover (rcv) 0
    ##pkts replay failed (rcv): 0
    #pkts internal err (send): 0, #pkts internal err (recv) 0

     local crypto endpt.: 150.50.5.2, remote crypto endpt.: 130.30.3.2
     path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/1
     current outbound spi: 0x614991F4(1632211444)

     inbound esp sas:
      spi: 0xDC34DB1E(3694451486)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel, }
        conn id: 2003, flow_id: SW:3, crypto map: Tunnel0-head-0
        sa timing: remaining key lifetime (k/sec): (4414721/82894)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0x614991F4(1632211444)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel, }
        conn id: 2004, flow_id: SW:4, crypto map: Tunnel0-head-0
        sa timing: remaining key lifetime (k/sec): (4414662/82894)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE

     outbound ah sas:

     outbound pcp sas:

R222#show cry is
R222#show cry isakmp sa de
R222#show cry isakmp sa detail
Codes: C - IKE configuration mode, D - Dead Peer Detection
       K - Keepalives, N - NAT-traversal
       X - IKE Extended Authentication
       psk - Preshared key, rsig - RSA signature
       renc - RSA encryption

C-id  Local           Remote          I-VRF    Status Encr Hash Auth DH Lifetime Cap.
3     150.50.5.2      160.60.6.2               ACTIVE 3des md5  psk  2  23:12:47
       Connection-id:Engine-id = 3:1(software)
2     150.50.5.2      130.30.3.2               ACTIVE 3des md5  psk  2  23:01:24
       Connection-id:Engine-id = 2:1(software)

R222#show cry
R222#show crypto en
R222#show crypto engine connect
R222#show crypto engine connections ac
R222#show crypto engine connections active

  ID Interface            IP-Address      State  Algorithm           Encrypt  Decrypt
   2 FastEthernet0/1      150.50.5.2      set    HMAC_MD5+3DES_56_C        0        0
   3 FastEthernet0/1      150.50.5.2      set    HMAC_MD5+3DES_56_C        0        0
2001 FastEthernet0/1      150.50.5.2      set    3DES+MD5                306        0
2002 FastEthernet0/1      150.50.5.2      set    3DES+MD5                  0      305
2003 FastEthernet0/1      150.50.5.2      set    3DES+MD5                  0        9
2004 FastEthernet0/1      150.50.5.2      set    3DES+MD5                385        0