Cisco Cisco IOS Software Release 12.3(11)T

line aux 0

line vty 0 4

!

end

Once you permit the hosts/subnets you want encrypted, ensure that you put in an explicit deny statement. 
The deny statement states do not encrypt any other packets.

The following example is for IPSec on the Cisco 7200 router only. IPSec on the Cisco Catalyst 6500 amd 
the 7600 is configured on the Supervisor, rather than on the Home Agent.

access-list 101 deny   ip any any

access-list 103 deny   ip any any

-------------------------------------------------------

!

! No configuration change since last restart

!

version 12.2

service timestamps debug datetime

service timestamps log datetime

service password-encryption

!

hostname 7206f1

!

aaa new-model

!

!

aaa authentication login CONSOLE none

aaa authentication login NO_AUTHENT none

aaa authentication ppp default group radius

aaa authorization config-commands

aaa authorization ipmobile default group radius 

aaa authorization network default group radius 

aaa session-id common

enable password 7 151E0A0E

!

username xxx privilege 15 nopassword

ip subnet-zero

ip cef

!

!

no ip domain-lookup

!

!

crypto isakmp policy 1

 authentication pre-share

crypto isakmp key cisco address 1.1.1.4

crypto isakmp key cisco address 172.18.60.30

!

!

crypto ipsec transform-set esp-des-sha-transport esp-des esp-sha-hmac