Site to Site VPN with a PIX 515E

peteroddan
Level 1

Hi Everyone,

I'm trying to create a site to site VPN using our Cisco PIX515E (6.3) at our main office and an 837 ADSL router at a remote office.

However, whenever I enable Easy VPN Remote on the PIX or use the VPN wizard to create a site-to-site VPN, all the normal outgoing web traffic from the PIX seems to get blocked, until I disable Easy VPN or remove the site-to-site VPN settings.

Am I missing something here?

Am I able to use our PIX as a firewall for our incoming and outgoing net traffic, while also using it to form a site-to-site VPN?

If so, does anyone have any suggestions as to what I may be doing wrong?

Thanks,

Peter.

2 Replies

jackko
Level 7

Please read below; this is sample code for a LAN-to-LAN VPN:

For PIX v6.x:

access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 121 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
ip address outside 1.1.1.1 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto map myvpn 10 ipsec-isakmp
crypto map myvpn 10 match address 121
crypto map myvpn 10 set peer 1.1.1.2
crypto map myvpn 10 set transform-set myset
crypto map myvpn interface outside
isakmp enable outside
isakmp key cisco123 address 1.1.1.2 netmask 255.255.255.255 no-xauth no-config-mode
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

For the 837:

crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco123 address 1.1.1.1 no-xauth
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto map mymap 10 ipsec-isakmp
 set peer 1.1.1.1
 set transform-set myset
 match address 121
interface Ethernet0
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
interface Dialer0
 ip address 1.1.1.2 255.255.255.0
 ip access-group 111 in
 ip nat outside
 crypto map mymap
ip nat inside source route-map nonat interface Dialer0 overload
access-list 101 deny ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
access-list 111 permit udp any host 1.1.1.2 eq non500-isakmp
access-list 111 permit udp any host 1.1.1.2 eq isakmp
access-list 111 permit esp any host 1.1.1.2
access-list 111 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 111 deny ip any any
access-list 121 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
route-map nonat permit 10
 match ip address 101
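
As an added example (not from the post above and not Cisco code), a small Python checker that reads excerpts of the two configs and verifies the ends agree: same pre-shared key, each side's key address is the other side's outside/Dialer0 address, the crypto ACLs mirror each other once IOS wildcard masks are converted to PIX subnet masks, and the PIX nat 0 ACL exempts every tunnel pair from NAT. The config strings are constructed from the reply, and the regexes assume the command syntax shown there.

```python
import ipaddress
import re
# Constructed excerpts of the two configs in the reply above (only the lines the checker reads).
PIX_CFG = """\
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 121 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
ip address outside 1.1.1.1 255.255.255.0
nat (inside) 0 access-list 101
crypto map myvpn 10 match address 121
isakmp key cisco123 address 1.1.1.2 netmask 255.255.255.255 no-xauth no-config-mode
"""
IOS_CFG = """\
crypto isakmp key cisco123 address 1.1.1.1 no-xauth
crypto map mymap 10 ipsec-isakmp
 match address 121
interface Dialer0
 ip address 1.1.1.2 255.255.255.0
access-list 121 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
"""
ACL_RE = re.compile(r"^access-list (\d+) permit ip (\S+) (\S+) (\S+) (\S+)", re.M)
def grab(cfg, pattern):
    m = re.search(pattern, cfg, re.M)  # first capture group, or None if absent
    return m.group(1) if m else None

def to_net(addr, mask, wildcard):
    """Build a network from a PIX subnet mask or an IOS wildcard (inverse) mask."""
    if wildcard:  # 0.0.0.255 -> 255.255.255.0
        mask = str(ipaddress.IPv4Address(int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF))
    return ipaddress.ip_network(f"{addr}/{mask}")

def acl_pairs(cfg, acl_id, wildcard):
    """{(src_net, dst_net)} for every 'permit ip' entry of one ACL."""
    return {(to_net(s, sm, wildcard), to_net(d, dm, wildcard))
            for i, s, sm, d, dm in ACL_RE.findall(cfg) if i == acl_id}

def check_site_to_site(pix_cfg, ios_cfg):
    """Cross-check the two tunnel ends; an empty list means they agree."""
    pix_key, pix_peer = re.search(r"^isakmp key (\S+) address (\S+)", pix_cfg, re.M).groups()
    ios_key, ios_peer = re.search(r"^crypto isakmp key (\S+) address (\S+)", ios_cfg, re.M).groups()
    pix_crypto = acl_pairs(pix_cfg, grab(pix_cfg, r"match address (\d+)"), wildcard=False)
    ios_crypto = acl_pairs(ios_cfg, grab(ios_cfg, r"match address (\d+)"), wildcard=True)
    nat0 = acl_pairs(pix_cfg, grab(pix_cfg, r"^nat \(inside\) 0 access-list (\d+)"), wildcard=False)
    checks = [  # (condition that must hold, message reported if it does not)
        (pix_key == ios_key, "pre-shared keys differ"),
        (pix_peer == grab(ios_cfg, r"^interface Dialer0\n ip address (\S+)"), "PIX key address is not the 837 Dialer0 address"),
        (ios_peer == grab(pix_cfg, r"^ip address outside (\S+)"), "837 key address is not the PIX outside address"),
        ({(d, s) for s, d in ios_crypto} == pix_crypto, "crypto ACLs are not mirror images of each other"),
        (pix_crypto <= nat0, "PIX nat 0 ACL does not exempt all tunnel traffic from NAT"),
    ]
    return [msg for ok, msg in checks if not ok]
```

Running `check_site_to_site(PIX_CFG, IOS_CFG)` on the excerpts returns an empty list; editing either side (a different key, a wrong peer address, or a nat 0 ACL that no longer covers the crypto ACL) reports the mismatch.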

Hi Jacko,

Thanks very much for your reply.

I'll give it a try.

Regards,

Peter.