hostname R1

!
ip domain-lookup
!
crypto key generate rsa label MYKEY modulus 2048
!
crypto pki trustpoint MYCA
enrollment mode ra
enrollment url http://10.6.4.219:80/certsrv/mscep/mscep.dll
revocation-check none
rsakeypair MYKEY
!
crypto ca authenticate MYCA
!
crypto ca enroll MYCA
!
crypto pki certificate chain MYCA
exit
!
crypto ca enroll MYCA
!
crypto isakmp policy 1
encr aes
authentication rsa-sig
group 2
!
crypto ipsec transform-set MYTS esp-aes esp-sha-hmac
!
crypto map MYVPN 1 ipsec-isakmp
set peer 192.168.100.2
set transform-set MYTS
match address 100
!
interface fa0/0
ip address 172.16.10.254 255.255.255.0
ip nat inside
no shut
interface fa0/1
ip address 192.168.100.1 255.255.255.252
ip nat inside
crypto map MYVPN
no shut
!
interface fa2/0
ip address dhcp
ip nat outside
no shut
!
router rip
version 2
network 172.16.0.0
network 192.168.100.0
default-information originate
!
ip nat inside source list 1 interface FastEthernet1/0 overload
!
access-list 1 permit any
!
access-list 100 permit ip 172.16.10.0 0.0.0.255 172.16.20.0 0.0.0.255
!
ntp server europe.pool.ntp.org
!

-----------------------------------------------------------------------

hostname R2
!
ip domain-lookup
ip name-server 10.6.0.1
!
crypto key generate rsa label MYKEY modulus 2048
!
crypto pki trustpoint MYCA
enrollment mode ra
enrollment url http://10.6.4.219:80/certsrv/mscep/mscep.dll
revocation-check none
rsakeypair MYKEY
!
crypto ca authenticate MYCA
!
crypto ca enroll MYCA
!
crypto isakmp policy 1
encr aes
authentication rsa-sig
group 2
!
crypto ipsec transform-set MYTS esp-aes esp-sha-hmac
!
crypto map MYVPN 1 ipsec-isakmp
set peer 192.168.100.1
set transform-set MYTS
match address 100
!
interface fa0/0
ip address 172.16.20.254 255.255.255.0
no shut
interface fa0/1
ip address 192.168.100.2 255.255.255.252
crypto map MYVPN
no shut
!
router rip
version 2
network 172.16.0.0
network 192.168.100.0
!
access-list 100 permit ip 172.16.20.0 0.0.0.255 172.16.10.0 0.0.0.255
!
ntp server europe.pool.ntp.org
!