version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no ip icmp rate-limit unreachable
!
!         
!
!


!
ip dhcp excluded-address 192.168.20.1 192.168.20.19
!
ip dhcp pool PCI-Compliant
 network 192.168.20.0 255.255.255.0
 default-router 192.168.20.254 
!
!
!
no ip domain lookup
no ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!         
!
!
!
!
redundancy
!
!
ip tcp synwait-time 5
! 
!
!
!
!
crypto isakmp policy 1
 encr aes
 hash sha256
 authentication pre-share
 group 2
crypto isakmp key NAXSLABS address 203.0.113.1    
!
!
crypto ipsec transform-set NAXSLABSTS esp-aes esp-sha256-hmac 
 mode tunnel
!
!
!
crypto map NAXSLABSCM 10 ipsec-isakmp 
 set peer 203.0.113.1
 set transform-set NAXSLABSTS 
 match address NAXSLABSVPN-ACL
!
!
!
!
!
interface Ethernet0/0
 no ip address
!
interface Ethernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Ethernet0/1
 ip address 203.0.114.1 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 crypto map NAXSLABSCM
!
interface Ethernet0/2
 no ip address
!
interface Ethernet0/3
 no ip address
!
router ospf 1
 network 192.168.20.0 0.0.0.255 area 0
 network 203.0.114.0 0.0.0.3 area 0
 default-information originate
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
ip access-list extended NAXSLABSNAT
 deny   ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit ip 192.168.20.0 0.0.0.255 any
ip access-list extended NAXSLABSVPN-ACL
 permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
 transport input all
!
!
end