service password-encryption
hostname 2680_gliwice
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 lifetime 3600
crypto isakmp key qwerty1234CXZ address 91.192.0.182
crypto ipsec transform-set VPN_TRANSFORM esp-3des esp-sha-hmac


crypto map VPN_MAP 1 ipsec-isakmp
 set peer 91.192.0.182
 set transform-set VPN_TRANSFORM
 set pfs group2
 match address 100

interface FastEthernet0/0
 ip address 83.19.73.234 255.255.255.248
 ip nat outside
 crypto map VPN_MAP


interface FastEthernet0/1
 ip address 192.168.200.1 255.255.255.0
 ip nat inside

! wskazanie listy, ktra kontroluje NAT-a (dostp do internetu)
ip nat inside source list 101 interface FastEthernet0/0 overload

! ustawienie domylnej bramy - router ISP.
ip route 0.0.0.0 0.0.0.0 83.19.73.233

! lista nr 100 definiuje, pomidzy jakimi adresami bdzie uywany tunel ipsec
access-list 100 permit ip 192.168.200.128 0.0.0.127 192.168.150.128 0.0.0.127

! lista nr 101 okrela dostp do NAT-a. Zwr uwag na pierwszy wpis blokujcy.
access-list 101 deny   ip 192.168.200.128 0.0.0.127 192.168.150.128 0.0.0.127
access-list 101 permit ip 192.168.200.0 0.0.0.255 any
