crypto isakmp policy 10 hash md5 authentication pre-share crypto isakmp key cisco123 address 172.16.1.Y ! crypto ipsec transform-set myset esp-des esp-md5-hmac ! crypto map mymap 10 ipsec-isakmp set peer 172.16.1.Y set transform-set myset match address 100 ! interface FastEthernet0/0 ip address 192.168.X.1 255.255.255.0 ip nat inside ! interface FastEthernet1/0 ip address 172.16.1.X 255.255.255.0 ip nat outside crypto map mymap ! ip route 0.0.0.0 0.0.0.0 172.16.1.254 ! ip nat inside source list ACL_NAT interface FastEthernet1/0 overload ! ip access-list extended ACL_NAT deny ip any 192.168.Y.0 0.0.0.255 permit ip 192.168.X.0 0.0.0.255 any ! access-list 100 permit ip 192.168.X.0 0.0.0.255 192.168.Y.0 0.0.0.255