R1(config)# crypto isakmp policy 1
R1(config-isakmp)# encr 3des
R1(config-isakmp)# hash sha
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# group 2
R1(config-isakmp)# lifetime 86400
R1(config)# crypto isakmp key firewallcx address 1.1.1.2
R1(config)# ip access-list extended VPN-TRAFFIC
R1(config-ext-nacl)# permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
R1(config)# crypto ipsec transform-set TS esp-3des esp-md5-hmac
R1(config)# crypto map CMAP 10 ipsec-isakmp
R1(config- if)# crypto map CMAP
R1(config)# interface FastEthernet0/1
R1(config- if)# crypto map CMAP
R1(config)# ip nat inside source list 100 interface fastethernet0/1 overload
The above commands define the following (in listed order):