01.01.2008
Cisco 3620 Configuration File without Firewall Settings

!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
!
clock timezone ro 2
ip subnet-zero
ip cef
!
!
no ip domain-lookup
!
ip audit notify log
ip audit po max-events 100
!
crypto isakmp policy 15
encr 3des
authentication pre-share
group 2
hash sha
lifetime 28800
crypto isakmp key 12345 address 192.168.22.234
!
!
crypto ipsec transform-set isaset esp-3des esp-sha-hmac 
!
crypto map isavpn 15 ipsec-isakmp 
set peer 192.168.22.234
set transform-set isaset 
set pfs group2
match address 101
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description "External Interface"
ip address 192.168.22.111 255.255.255.0
ip nat outside
duplex auto
speed auto
crypto map isavpn
!
interface FastEthernet1/0
description "Internal Interface"
ip address 192.168.40.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
ip nat inside source list 111 interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.22.1
no ip http server
!
access-list 101 permit ip 192.168.40.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 101 permit ip 192.168.40.0 0.0.0.255 host 192.168.22.234
access-list 101 permit ip host 192.168.22.111 192.168.10.0 0.0.0.255
access-list 111 deny ip 192.168.40.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 111 deny ip 192.168.40.0 0.0.0.255 host 192.168.22.234
access-list 111 permit ip 192.168.40.0 0.0.0.255 any
!
dial-peer cor custom
!
!
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
login
!
end