Untitled


!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key cisco@123 address 100.100.100.100
!
!
crypto ipsec transform-set MY-SET esp-aes esp-md5-hmac
!
crypto map IPSEC-SITE-TO-SITE-VPN 10 ipsec-isakmp
 set peer 100.100.100.100
 set transform-set MY-SET
 match address VPN-TRAFFIC
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.20.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex half
!
interface FastEthernet1/0
 ip address 100.100.100.101 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex half
 crypto map IPSEC-SITE-TO-SITE-VPN
!
ip route 0.0.0.0 0.0.0.0 100.100.100.100
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface FastEthernet1/0 overload
ip nat inside source list 101 interface FastEthernet1/0 overload
ip nat inside source static tcp 192.168.20.2 4569 100.100.100.101 4569 extendable
ip nat inside source static tcp 192.168.20.2 5060 100.100.100.101 5060 extendable
ip nat inside source static tcp 192.168.20.2 5061 100.100.100.101 5061 extendable
!
!
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 deny   ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 permit ip 192.168.20.0 0.0.0.255 any
no cdp log mismatch duplex
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
!
end