RouterGW#sh run
Building configuration...

Current configuration : 3053 bytes
version 12.4
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname RouterGW
!
boot-start-marker
boot-end-marker
!
logging buffered 40960 debugging
enable secret 5 $1$57pF$xb0CubsWq6je.aIWeYChe0
!
no aaa new-model
memory-size iomem 20
clock timezone GMT+7 7
no ip source-route
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
voice-card 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username xxxx privilege 15 password 7 0207005602081245
archive
 log config
  hidekeys
!
!         
! 
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key vpn-test-tunnel address 168.241.243.2 no-xauth
!
!
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac 
!
crypto map SDM_CMAP_1 1 ipsec-isakmp 
 set peer 168.241.243.2
 set transform-set ESP-3DES-MD5 
 match address IPSEC_ACL
!
!
!
!
interface FastEthernet0/0
 ip address xxx.xxx.128.129 255.255.255.248
 ip nat inside
 ip virtual-reassembly
 ip policy route-map MAP-1
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address yyy.yyy.168.145 255.255.255.240
 ip policy route-map MAP-1
 duplex auto
 speed auto
!
interface Serial0/2/0
 bandwidth 1536
 ip address yyy.yyy.166.222 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 load-interval 30
!
interface Serial0/3/0
 bandwidth 1536
 ip address xxx.xxx.136.58 255.255.255.252
 ip virtual-reassembly
 load-interval 30
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 xxx.xxx.136.57
ip route 0.0.0.0 0.0.0.0 Serial0/2/0
!
!
no ip http server
no ip http secure-server
ip nat inside source static xxx.xxx.128.134 yyy.yyy.168.150
!
ip access-list standard INTERNET
 permit xxx.xxx.128.134
 permit xxx.xxx.168.144 0.0.0.15
 deny   any log
!
ip access-list extended IPSEC_ACL
 permit ip yyy.yyy.168.144 0.0.0.15 168.241.0.0 0.0.127.255
 permit ip yyy.yyy.168.144 0.0.0.15 168.241.128.0 0.0.63.255
 permit ip yyy.yyy.168.144 0.0.0.15 168.241.192.0 0.0.31.255
ip access-list extended OUTSIDE
 permit ip any host 168.241.243.2
 permit ip any host 168.241.243.10
 deny   ip any any log
!
route-map MAP-1 permit 10
 match ip address INTERNET
 set interface Serial0/2/0
!
route-map MAP-1 permit 20
 match ip address OUTSIDE
 set ip next-hop xxx.xxx.136.57
!
route-map MAP-1 permit 1000
 set ip next-hop xxx.xxx.136.57
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
 password 7 0602012D4019594955367
 logging synchronous
 login
line aux 0
line vty 0 4
 password 7 15160500087D7B7478
 logging synchronous
 login