hostname WA1512 ! username admin password plain admin administrator ! http-username admin password plain admin administrator ! url-offload profile urlo-prof url netmeister offload-protocol both ! route-map urlo-map permit 1 match ip url-offload urlo-prof set ip next-hop dhcp MobileEthernet0.0 ! ip dhcp-server enable ip dhcp-server profile default default-gateway auto dns-server auto subnet-mask auto ! interface GigaEthernet1.0 ip address 192.168.2.200/24 ip dhcp-server binding default ip policy route-map urlo-map no shutdown ! interface MobileEthernet0.0 ip address dhcp ip tcp adjust-mss auto ip napt enable ip napt reserve icmp ip napt reserve udp 500 ip napt reserve esp ip napt reserve udp 4500 mobile id IP example.jp mobile username user@example.com mobile password plain example auto-connect no shutdown ! interface Loopback0.0 ip address 127.0.0.1/8 no shutdown ! interface IPsec0 ip address unnumbered ip tcp adjust-mss auto ipsec map ipsecprof1 ip url-offload profile urlo-prof no shutdown ! ip route default IPsec0 ip route 100.100.100.100/32 MobileEthernet0.0 ! proxy-dns ip enable proxy-dns server default 192.168.1.200 ! ike proposal ikeprop1 encryption-algorithm aes256-cbc authentication-algorithm hmac-sha2-256 lifetime 28800 ! ike policy ikepol1 mode aggressive dpd-keepalive enable ph1 20 3 local-id key-id testkey proposal ikeprop1 pre-shared-key plain secret nat-traversal enable keepalive 20 ! ipsec proposal ipsecprop1 protocol esp enc-algo aes256-cbc auth-algo hmac-sha2-256 lifetime 28800 ! ipsec policy ipsecpol1 local-id 192.168.2.0/24 remote-id 192.168.1.0/24 rekey enable always proposal ipsecprop1 ! ipsec profile ipsecprof1 mode tunnel ipsec policy ipsecpol1 ike policy ikepol1 source MobileEthernet0.0 peer 100.100.100.100 ! nm ip enable nm account example password plain testtest nm sitename example-office ! https-server ip enable https-server ip permit 192.168.2.0/24 https-server ip redirect enable ! led vpn ipsec !