I think so:
Router#show running-config
Current configuration : 1354 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
!
!
ip cef
!
!--- Configuration for IKE policies.
!--- Enables the IKE policy configuration (config-isakmp)
!--- command mode, where you can specify the parameters that
!--- are used during an IKE negotiation.
crypto isakmp policy 10
hash md5
authentication pre-share
!--- Specifies the preshared key "cisco123" which should
!--- be identical at both peers. This is a global
!--- configuration mode command. It accepts any peer which matches
!--- the pre-shared key.
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
!
!--- Configuration for IPsec policies.
!--- Enables the crypto transform configuration mode,
!--- where you can specify the transform sets that are used
!--- during an IPsec negotiation.
crypto ipsec transform-set DYN-TS esp-des esp-md5-hmac
!--- IPsec policy, Phase 2.
crypto dynamic-map DYN 10
!--- Configures IPsec to use the transform-set
!--- "DYN-TS" defined earlier in this configuration.
set transform-set DYN-TS
!--- Specifies the interesting traffic to be encrypted.
match address 101
crypto map IPSEC 10 ipsec-isakmp dynamic DYN
!
interface Ethernet0/0
ip address 192.168.1.2 255.255.255.0
ip nat outside
ip virtual-reassembly
half-duplex
!--- Configures the interface to use the
!--- crypto map "IPSEC" for IPsec.
crypto map IPSEC
!
interface FastEthernet1/0
ip address 10.2.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial2/0
no ip address
shutdown
no fair-queue
!
interface Serial2/1
no ip address
shutdown
!
interface Serial2/2
no ip address
shutdown
!
interface Serial2/3
no ip address
shutdown
!
ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
ip nat inside source list 100 interface Ethernet0/0 overload
!
!--- ACL 100 identifies the traffic flows to be PATed
!--- via the outside interface (Ethernet0/0).
access-list 100 deny ip 10.2.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 100 permit ip 10.2.1.0 0.0.0.255 any
!--- The permit entry in crypto ACL 101 identifies the
!--- traffic flows to be protected via encryption.
access-list 101 permit ip 10.2.1.0 0.0.0.255 10.1.1.0 0.0.0.255
control-plane
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
http://www.cisco.com/en/US/customer/pro ... bdc8.shtml
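
Added example, not part of the original post or of the Cisco document it links to: a small Python audit of the IKE/IPsec lines in the configuration above, which also reports the Phase 1 parameters that take their default because the running config omits them. The function name `audit`, the finding names and the weak-algorithm lists are this example's own choices, and the defaults it fills in (DES, SHA, DH group 1) are assumed to be those of IOS 12.4.

```python
# Constructed sample: the IKE/IPsec lines of the configuration in the post,
# unindented as they appear there.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
crypto ipsec transform-set DYN-TS esp-des esp-md5-hmac
crypto dynamic-map DYN 10
set transform-set DYN-TS
match address 101
crypto map IPSEC 10 ipsec-isakmp dynamic DYN
"""

POLICY_SUBCMDS = ("encryption", "encr", "hash", "authentication", "group", "lifetime")
WEAK_TRANSFORMS = {"esp-des", "esp-md5-hmac", "ah-md5-hmac", "esp-null"}
# Assumption: IOS 12.4 defaults, which do not show up in the running config.
POLICY_DEFAULTS = {"encryption": "des", "hash": "sha", "group": "1"}

def audit(config):
    """Return a list of (finding_id, subject) tuples for weak IKE/IPsec settings."""
    findings, policies, current = [], {}, None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue  # blank line or '!' comment
        if words[:3] == ["crypto", "isakmp", "policy"] and len(words) == 4:
            current = policies.setdefault(words[3], dict(POLICY_DEFAULTS))
        elif current is not None and words[0] in POLICY_SUBCMDS and len(words) > 1:
            key = "encryption" if words[0] == "encr" else words[0]
            current[key] = words[1]
        else:
            current = None  # any other command ends the policy block
            if words[:3] == ["crypto", "isakmp", "key"] and words[-2:] == ["0.0.0.0", "0.0.0.0"]:
                findings.append(("psk-wildcard-peer", "any"))  # key value is never echoed
            elif words[:3] == ["crypto", "ipsec", "transform-set"]:
                for t in words[4:]:
                    if t in WEAK_TRANSFORMS:
                        findings.append(("ipsec-weak-transform", f"{words[3]}:{t}"))
    for num, p in policies.items():
        if p["encryption"] in ("des", "3des"):
            findings.append(("ike-weak-encryption", f"policy {num}:{p['encryption']}"))
        if p["hash"] == "md5":
            findings.append(("ike-weak-hash", f"policy {num}:md5"))
        if p["group"] in ("1", "2", "5"):
            findings.append(("ike-weak-dh-group", f"policy {num}:group {p['group']}"))
    return findings

if __name__ == "__main__":
    for finding_id, subject in audit(SAMPLE_CONFIG):
        print(f"{finding_id:22} {subject}")
```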