version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service compress-config
!
hostname R1
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
no logging console
enable secret 5 $1$CBZk$jedLXaDwkkoXONypU96r7.
!
clock timezone CET 1
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip audit po max-events 100
!
!
username admin privilege 15 secret 5 $1$5It7$nPe4e0jE4bYWq2GNmZpWc/
!
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 5
crypto isakmp key VPN@Booches address 212.123.212.10
!
!
crypto ipsec transform-set VPN-TS esp-aes 256 esp-sha-hmac
!
crypto map CM-VPN-R2 10 ipsec-isakmp
 set peer 212.123.212.10
 set transform-set VPN-TS
 match address VPN-R2
 reverse-route
!
!
!
interface Loopback0
 ip address 10.1.1.222 255.255.255.0 secondary
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/0
 description OUTSIDE
 ip address 212.123.212.9 255.255.255.248
 ip nat outside
 duplex auto
 speed auto
 crypto map CM-VPN-R2
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
!
ip nat translation timeout 30
ip nat pool LAN-R2 10.22.44.1 10.22.44.254 netmask 255.255.255.0
ip nat inside source list ACL-NAT interface FastEthernet0/0 overload
ip nat inside source list ACL-POLICY-NAT pool LAN-R2 overload
ip nat inside source static 10.1.1.222 10.22.44.222 route-map RM-STATIC-NAT extendable
ip classless
ip route 0.0.0.0 0.0.0.0 212.123.212.11
no ip http server
no ip http secure-server
!
ip access-list extended ACL-NAT
 deny ip 10.1.1.0 0.0.0.255 172.16.2.0 0.0.0.255
 permit ip 10.1.1.0 0.0.0.255 any
ip access-list extended ACL-POLICY-NAT
 deny ip host 10.1.1.222 172.16.2.0 0.0.0.255
 permit ip 10.1.1.0 0.0.0.255 172.16.2.0 0.0.0.255
ip access-list extended ACL-STATIC-POLICY-NAT
 permit ip host 10.1.1.222 172.16.2.0 0.0.0.255
 permit ip host 10.22.44.222 172.16.2.0 0.0.0.255
ip access-list extended VPN-R2
 permit ip 10.22.44.0 0.0.0.255 172.16.2.0 0.0.0.255
!
route-map RM-STATIC-NAT permit 10
 match ip address ACL-STATIC-POLICY-NAT
!
!
alias exec r show run
alias exec rr show ip route
alias exec s show int status | excl unass
alias exec ss show int status
!
line con 0
 login local
line aux 0
line vty 0 4
 session-timeout 5
 exec-timeout 5 0
 login local
 transport preferred none
 transport input telnet ssh
 transport output telnet ssh
line vty 5 1340
 session-timeout 5
 exec-timeout 5 0
 login local
 transport preferred none
 transport input telnet ssh
 transport output telnet ssh
!
end