# Access List# Enter the client's local IPsaccess-listinside_outbound_nat0_aclpermitiphostOUR_LOCAL_IPhostCLIENT_LOCAL_IP
access-listoutside_cryptomap_240permitiphostOUR_LOCAL_IPhostCLIENT_LOCAL_IP
# IPSec Encryption#crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac # Crypto Map Configuration # This is the line that reads the policy# Check if 240 exists, otherwise add +cryptomapoutside_map240ipsec-isakmp
cryptomapoutside_map240matchaddressoutside_cryptomap_240
#crypto map outside_map 240 set pfs group2cryptomapoutside_map240setpeerCLIENT_ROUTER_IP
cryptomapoutside_map240settransform-setESP-3DES-MD5
#crypto map outside_map 240 set security-association lifetime seconds 86400 kilobytes 10000#crypto map outside_map interface outside# ISAKMP Pre-Shared Key# Enter the shared key here#isakmp enable outsideisakmpkeyPRE-SHARED_KEYaddressCLIENT_ROUTER_IPnetmask255.255.255.255no-xauthno-config-mode#isakmp identity address# ISAKMP Encryption# Add if it doesn't existisakmppolicy160authenticationpre-share
isakmppolicy160encryption3des
isakmppolicy160hashmd5
isakmppolicy160group2isakmppolicy160lifetime86400
In case of conflicts between networks, it may be necessary to NAT our network. For this, don't create the access-list inside_outbound_nat0_acl but add the following lines: