VPN-Router#Sh Run

VPN-Router#sh run

VPN-Router#sh running-config

Building configuration...

Current configuration : 3193 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname VPN-Router

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

!

aaa new-model

!

!

aaa authentication login default local

aaa authentication login sdm_vpn_xauth_ml_1 local

aaa authorization exec default local

aaa authorization network sdm_vpn_group_ml_1 local

!

aaa session-id common

!

resource policy

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

ip cef

!

!

ip domain name test.com

!

!

username cahi privilege 15 secret 5 $1$S7ZY$zwU2Y1u6fR5dLsHXW.

!

!

crypto isakmp policy 1

encr 3des

authentication pre-share

group 2

lifetime 28800

crypto isakmp key S-TM-.!4!7!3! address 202.61.xx.xx 255.255.255.252 no-xauth

crypto isakmp xauth timeout 15

!

crypto isakmp client configuration group VPNGroup

key NY-MIXIT

dns 66.xx.xx.xx 66.100.xx.xx

domain mixitusa.com

pool SDM_POOL_1

acl 101

include-local-lan

max-users 10

!

!

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

mode transport

crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac

!

crypto dynamic-map SDM_DYNMAP_1 1

set transform-set ESP-3DES-SHA1

reverse-route

!

!

crypto map US client authentication list sdm_vpn_xauth_ml_1

crypto map US isakmp authorization list sdm_vpn_group_ml_1

crypto map US client configuration address initiate

crypto map US client configuration address respond

crypto map US 1 ipsec-isakmp

set peer 202.61.xx.xxx

set transform-set ESP-3DES-SHA

match address 131

crypto map US_KHI 65535 ipsec-isakmp dynamic SDM_DYNMAP_1

!

!

interface FastEthernet0/0

description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$

ip address 209.185.165.xxx 255.255.255.192

speed 100

full-duplex

crypto map US_KHI

!

interface FastEthernet0/1

description Inside - 209.185.165.x$ETH-LAN$

ip address 209.185.165.9 255.255.255.192

duplex auto

speed auto

!

ip local pool SDM_POOL_1 10.227.227.171 10.227.227.254

ip classless

ip route 0.0.0.0 0.0.0.0 209.185.165.xxx

ip route 209.185.165.0 255.255.255.0 209.185.165.xxx

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

access-list 23 permit 202.63.194.xx

access-list 23 permit 202.61.42.xxx

access-list 23 permit 67.84.92.xxx

access-list 23 permit 137.101.12.xx

access-list 23 permit 10.10.10.0 0.0.0.x

access-list 23 permit 209.185.165.0 0.0.0.255

access-list 100 remark SDM_ACL Category=4

access-list 100 permit ip any host 209.185.165.xx

access-list 101 remark SDM_ACL Category=4

access-list 101 permit ip 209.185.165.0 0.0.0.255 any

access-list 131 remark SDM_ACL Category=4

access-list 131 permit ip host 209.185.165.154 host 202.61.42.xxx

!

!

control-plane

!

banner login ^CUnauthorized access to this device is intolerable. This device be

longs to Inc.^C

!

line con 0

line aux 0

line vty 0 4

access-class 23 in

transport input telnet ssh

line vty 5 15

access-class 23 in

transport input telnet ssh

!

end