hostname IX2106
!
ip ufs-cache enable
ip route default GigaEthernet0.1
ip route 192.168.2.0/24 Tunnel0.0
ip dhcp enable
ip access-list sec-list permit ip src any dest any
ip access-list web-http-acl permit ip src 192.168.1.0/24 dest any
!
ike nat-traversal policy ike-policy
!
ike proposal ike-prop encryption aes-256 hash sha2-256
!
ike policy ike-policy peer any key test mode aggressive ike-prop
ike remote-id ike-policy keyid secret
!
ipsec autokey-proposal ipsec-prop esp-aes-256 esp-sha2-256
!
ipsec dynamic-map ipsecpol sec-list ipsec-prop ike ike-policy
ipsec local-id ipsecpol 192.168.1.0/24
ipsec remote-id ipsecpol 192.168.2.0/24
!
proxy-dns ip enable
proxy-dns interface GigaEthernet0.1 priority 254 
! 
http-server username admin password plain admin
http-server ip access-list web-http-acl
http-server ip enable
!
ppp profile sample
  authentication myname user@example.com
  authentication password user@example.com password-1
!
ip dhcp profile lan1
  assignable-range 192.168.1.10 192.168.1.99
  default-gateway 192.168.1.254
  dns-server 192.168.1.254
!
interface GigaEthernet0.0
  ip address 192.168.100.254/24
  no shutdown
!
interface GigaEthernet1.0
  ip address 192.168.1.254/24
  ip dhcp binding lan1
  no shutdown
!
interface GigaEthernet0.1
  encapsulation pppoe
  auto-connect
  pppoe service-name IP,1,example.jp
  ppp binding sample
  ip address ipcp
  ip tcp adjust-mss auto
  ip napt enable
  ip napt static GigaEthernet0.1 50
  ip napt static GigaEthernet0.1 udp 500
  ip napt static GigaEthernet0.1 udp 4500
  ip napt static GigaEthernet0.1 1
  no shutdown
!
interface Tunnel0.0
  tunnel mode ipsec
  ip unnumbered GigaEthernet1.0
  ip tcp adjust-mss auto
  ipsec policy tunnel ipsecpol
  no shutdown
!
nm ip enable
nm account example password plain testpass
!