05-21-2015 03:25 AM
Our company is looking for a Cisco firewall that is able to build a VPN and accept the commands below. Is there any model that can achieve this? Please advise which model has the cheapest price.
start:-
hostname test
domain-name want-want.com
enable password cisco
passwd cisco
!
interface Vlan1
nameif inside
security-level 100
ip address 10.163.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 116.228.213.60 255.255.255.248
!
interface Ethernet0/0
switchport access vlan 2
no shut
!
interface Ethernet0/1
no shut
!
interface Ethernet0/2
no shut
!
interface Ethernet0/3
no shut
!
interface Ethernet0/4
no shut
!
interface Ethernet0/5
no shut
!
interface Ethernet0/6
no shut
!
interface Ethernet0/7
no shut
!
clock timezone China 8
object-group network local-lan
network-object 10.163.1.0 255.255.255.0
object-group network zb-lan
network-object 10.0.0.0 255.254.0.0
object-group network fgs-lan
network-object 10.128.0.0 255.128.0.0
object-group network permit-nat
network-object 10.163.1.8 255.255.255.255
access-list zb-vpnacl extended permit ip object-group local-lan object-group zb-lan
access-list fgs-vpnacl extended permit ip object-group local-lan object-group fgs-lan
access-list nat-acl extended permit ip object-group permit-nat any
access-list nonat-acl extended permit ip object-group local-lan object-group zb-lan
access-list nonat-acl extended permit ip object-group local-lan object-group fgs-lan
access-list video-out extended permit ip host 10.163.1.9 10.0.30.0 255.255.255.0
access-list video-out extended permit ip host 10.163.1.40 any
access-list video-out extended permit ip host 10.163.1.9 host 10.131.240.9
access-list video-in extended permit ip 10.0.30.0 255.255.255.0 host 10.163.1.9
access-list video-in extended permit ip any host 10.163.1.40
access-list video-in extended permit ip host 10.131.240.9 host 10.163.1.9
logging enable
logging buffered debugging
global (outside) 1 interface
nat (inside) 0 access-list nonat-acl
nat (inside) 1 access-list nat-acl
route outside 0.0.0.0 0.0.0.0 116.228.213.1 1
snmp-server host inside 10.0.0.245 community cisco
snmp-server host inside 10.128.0.10 community cisco
snmp-server community cisco
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
crypto ipsec transform-set fgs-vpnset esp-3des esp-md5-hmac
crypto ipsec transform-set zb-vpnset esp-3des esp-md5-hmac
crypto map vpnmap 10 match address zb-vpnacl
crypto map vpnmap 10 set peer 116.228.213.29
crypto map vpnmap 10 set transform-set zb-vpnset
crypto map vpnmap 10 set trustpoint SHHQ-VPNCA2
crypto map vpnmap 20 match address fgs-vpnacl
crypto map vpnmap 20 set peer 221.224.209.186
crypto map vpnmap 20 set transform-set fgs-vpnset
crypto map vpnmap 20 set trustpoint SHHQ-VPNCA2
crypto map vpnmap interface outside
crypto ca trustpoint SHHQ-VPNCA2
enrollment url http://116.228.213.55:80/certsrv/mscep/mscep.dll
subject-name CN=10.163.1.1, OU=WantWant Group, DC=want-want.com, C=CN
serial-number
ip-address 10.163.1.1
keypair test
crypto isakmp enable outside
authentication rsa-sig
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 20
authentication rsa-sig
encryption 3des
hash md5
group 2
lifetime 28800
crypto isakmp nat-traversal 20
telnet 10.0.0.0 255.0.0.0 inside
telnet timeout 5
crypto key generate rsa modulus 1024
ssh timeout 5
ssh version 2
console timeout 0
management-access inside
dhcpd dns 10.131.240.10 10.0.0.67
dhcpd wins 10.0.0.67 10.0.0.68
dhcpd lease 691200
dhcpd domain want-want.com
!
dhcpd address 10.163.1.50-10.163.1.80 inside
dhcpd enable inside
!
priority-queue outside
ntp server 210.72.145.44
tunnel-group 116.228.213.29 type ipsec-l2l
tunnel-group 116.228.213.29 ipsec-attributes
trust-point SHHQ-VPNCA2
tunnel-group 221.224.209.186 type ipsec-l2l
tunnel-group 221.224.209.186 ipsec-attributes
trust-point SHHQ-VPNCA2
!
class-map video-in
match access-list video-in
class-map video-out
match access-list video-out
!
!
policy-map videopolicy
class video-out
priority
class video-in
priority
!
service-policy videopolicy interface outside
!
END
05-21-2015 09:46 AM
Hello,
The Small Business routers do not support CLI. You would need an enterprise level device.
The ASA5505 is the entry level enterprise device that supports CLI.
For presale information on the enterprise router you can call 800.553.2447
Regards,
Mike