DSL PPPoE IPsec Example

From Internetworkpro

This page or section provides device configuration instructions.
Please note that the information on this page has not been checked for accuracy and is not intended as a replacement for documentation. Please ensure you understand your desired objectives before attempting to apply any examples listed.
This page brought to you by: tabularasa on #cisco/Freenode
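!
! ISAKMP (IKEv1) phase 1: AES-256 with a pre-shared key. No hash or group is set,
! so the platform defaults apply (SHA-1 and Diffie-Hellman group 1 on classic IOS);
! both peers must use matching values.
crypto isakmp policy 1
 encr aes 256
 authentication pre-share
crypto isakmp key keyhere address x.x.x.x
!
! Phase 2: ESP with AES (128-bit, since no key size is given) and HMAC-SHA-1.
crypto ipsec transform-set aesset esp-aes esp-sha-hmac
!
! Traffic matching access-list 120 is encrypted and sent to the peer.
crypto map aesmap 10 ipsec-isakmp
 set peer x.x.x.x
 set transform-set aesset
 match address 120
!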
interface GigabitEthernet0/0
 description DSL interface
 no ip address
 duplex full
 speed 100
 pppoe enable
 pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1
 no ip address
 duplex full
 speed auto
!
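! Each LAN sub-interface needs "ip nat inside"; without it the overload rule
! (list 100 on Dialer1) never translates its traffic.
! "ip tcp adjust-mss 1452" is the 1492-byte PPPoE MTU minus 40 bytes of IP/TCP headers.
interface GigabitEthernet0/1.10
 description VLAN 10
 encapsulation dot1Q 10
 ip tcp adjust-mss 1452
 ip address 172.20.20.254 255.255.255.0
 ip nat inside
 ip helper-address 172.20.60.20
 no snmp trap link-status
!
interface GigabitEthernet0/1.20
 description VLAN 20
 encapsulation dot1Q 20
 ip tcp adjust-mss 1452
 ip address 172.20.21.254 255.255.255.0
 ip nat inside
 no snmp trap link-status
!
interface GigabitEthernet0/1.30
 description VLAN 30
 encapsulation dot1Q 30
 ip tcp adjust-mss 1452
 ip address 172.20.22.254 255.255.255.0
 ip nat inside
 ! The agents_in ACL is not shown on this page.
 ip access-group agents_in in
 ip helper-address 172.20.60.20
 no snmp trap link-status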
!
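interface Dialer1
 ip address negotiated
 ! 1500-byte Ethernet MTU minus the 8-byte PPPoE/PPP header
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 ppp authentication pap chap callin
 ppp chap hostname hostnamehere
 ! "password 7" is reversible obfuscation, not encryption; handle any config
 ! that contains it as if the password were in cleartext.
 ppp chap password 7 1414101E1E0824797478646473
 ppp pap sent-username usernamehere password 7 encryptedpasswordhere
 ! The crypto map is applied on the outside (Internet-facing) interface.
 crypto map aesmap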
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip nat inside source list 100 interface Dialer1 overload
!
! access-list 100 (NAT): the deny lines exempt traffic bound for 172.20.60.0/24
! from translation so that it still matches access-list 120; everything else is NATed.
access-list 100 deny   ip 172.20.20.0 0.0.0.255 172.20.60.0 0.0.0.255
access-list 100 deny   ip 172.20.21.0 0.0.0.255 172.20.60.0 0.0.0.255
access-list 100 deny   ip 172.20.22.0 0.0.0.255 172.20.60.0 0.0.0.255
access-list 100 permit ip any any
! access-list 120 (crypto map): traffic to protect with IPsec.
access-list 120 permit ip 172.20.20.0 0.0.0.255 172.20.60.0 0.0.0.255
access-list 120 permit ip 172.20.21.0 0.0.0.255 172.20.60.0 0.0.0.255
access-list 120 permit ip 172.20.22.0 0.0.0.255 172.20.60.0 0.0.0.255