!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router_A
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
memory-size iomem 25
!
ip cef
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco address 200.200.200.2
!
crypto ipsec transform-set TS-IPSEC esp-3des esp-sha-hmac
!
crypto map MAP-IPSEC 1 ipsec-isakmp
set peer 200.200.200.2
set transform-set TS-IPSEC
match address 100
!
interface Ethernet0
ip address 172.16.0.1 255.255.0.0
ip nat inside
ip virtual-reassembly
half-duplex
!
interface FastEthernet0
ip address 200.200.200.1 255.255.255.0
ip nat outside
ip virtual-reassembly
speed auto
crypto map MAP-IPSEC
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 200.200.200.3
ip route 172.17.0.0 255.255.0.0 200.200.200.2
no ip http server
no ip http secure-server
!
ip nat inside source route-map nonat interface FastEthernet0 overload
!
access-list 100 permit ip 172.16.0.0 0.0.255.255 172.17.0.0 0.0.255.255
access-list 110 deny ip 172.16.0.0 0.0.255.255 172.17.0.0 0.0.255.255
access-list 110 permit ip 172.16.0.0 0.0.255.255 any
!
route-map nonat permit 10
match ip address 110
!
control-plane
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
end