This is the config without the parts that can be omitted, keeping the ones that have to stay. I also want a default route to VLAN7 so it can be contacted for the roaming VPN from anywhere. Thanks.
! Global service settings.
version 12.3
no service pad
! TCP keepalives on inbound and outbound sessions so dead remote sessions (e.g. vty) are torn down.
service tcp-keepalives-in
service tcp-keepalives-out
! Millisecond, local-time, zone-tagged timestamps on debug and log output for log correlation.
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
! NOTE(review): this stores passwords as reversible type 7 strings; it hides them from casual
! viewing but is not strong encryption -- prefer "secret"-style hashes where the command supports them.
service password-encryption
! Sequence numbers on syslog messages make dropped or reordered messages detectable.
service sequence-numbers
!
boot-start-marker
boot-end-marker
!
!
! Modem Management Interface (MMI) settings; auto-configure and PVC creation are disabled.
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
! Enable the AAA framework; the named method lists below depend on this.
aaa new-model
!
!
! Named AAA method lists. "userauthen" and "groupauthor" are local-only. "radiusauth" tries
! RADIUS first and falls back to local; the "radiusexec"/"radiusgroup" authorization lists
! consult local first, then RADIUS (method order is significant).
! NOTE(review): no "default" login list is defined here; under aaa new-model, lines that do not
! bind a named list fall back to the local user database -- confirm the console/vty lines
! (not in this excerpt) reference the intended list. The RADIUS server definition is also not shown.
aaa authentication login userauthen local
aaa authentication login radiusauth group radius local
aaa authorization exec default local
aaa authorization exec radiusexec local group radius
aaa authorization network groupauthor local
aaa authorization network radiusgroup local group radius
aaa session-id common
ip subnet-zero
! Anti-spoofing hardening: drop source-routed packets and do not send gratuitous ARPs.
no ip source-route
no ip gratuitous-arps
ip cef
!
!
! CBAC (ip inspect) global thresholds against half-open-session flooding: once half-open
! sessions exceed 3000 (total, or new per minute) the firewall deletes half-open sessions
! until the count falls below 2900.
ip inspect max-incomplete high 3000
ip inspect max-incomplete low 2900
ip inspect one-minute high 3000
ip inspect one-minute low 2900
! Timeouts: UDP sessions idle out after 300 s, DNS after 15 s; a TCP session that has not
! completed its handshake within 20 s is dropped.
ip inspect udp idle-time 300
ip inspect dns-timeout 15
ip inspect tcp synwait-time 20
! Per-host limit: when a host has 50 half-open TCP sessions, new attempts to it are blocked
! for 1 minute.
ip inspect tcp max-incomplete host 50 block-time 1
! Inspection rule set "firewall". It is applied inbound on the inside interfaces
! (FastEthernet0/0 and its subinterfaces), so return traffic for these protocols is
! permitted dynamically through the inbound ACLs on the outside interfaces.
ip inspect name firewall cuseeme
ip inspect name firewall ftp
ip inspect name firewall http
ip inspect name firewall rcmd
ip inspect name firewall realaudio
ip inspect name firewall smtp
ip inspect name firewall sqlnet
ip inspect name firewall streamworks
! Generic tcp/udp inspection covers protocols without a dedicated application inspector.
ip inspect name firewall tcp
ip inspect name firewall tftp
ip inspect name firewall udp
ip inspect name firewall vdolive
no ip dhcp conflict logging
!
! DHCP class "C" is declared but empty here; what references it is not in this excerpt.
ip dhcp class C
!
! IOS IPS parameter limiting the number of queued events.
ip ips po max-events 100
! Hardening: no BOOTP server, no DNS resolution from the router (mistyped commands do not
! trigger lookups), and the router's FTP server is read-only.
no ip bootp server
no ip domain lookup
no ftp-server write-enable
!
!
! NBAR class (SDM-generated): peer-to-peer "scavenger" applications.
! Not referenced by policy-map SDM-Pol-FastEthernet0/1, so it currently has no effect.
class-map match-any SDMScave-FastEthernet0/1
match protocol napster
match protocol fasttrack
match protocol gnutella
! NBAR class: interactive / transactional protocols (remote access, database, terminal).
! Referenced by the policy-map (bandwidth remaining 48%, DSCP AF21).
class-map match-any SDMTrans-FastEthernet0/1
match protocol citrix
match protocol finger
match protocol notes
match protocol novadigm
match protocol pcanywhere
match protocol secure-telnet
match protocol sqlnet
match protocol sqlserver
match protocol ssh
match protocol telnet
match protocol xwindows
! NBAR class: voice bearer traffic (RTP audio). Referenced by the policy-map as the
! strict-priority class (priority percent 68, DSCP EF).
class-map match-any SDMVoice-FastEthernet0/1
match protocol rtp audio
! NBAR class: streaming video protocols. Not referenced by the policy-map.
class-map match-any SDMSVideo-FastEthernet0/1
match protocol cuseeme
match protocol netshow
match protocol rtsp
match protocol streamwork
match protocol vdolive
! NBAR class: interactive video (RTP video). Not referenced by the policy-map.
class-map match-any SDMIVideo-FastEthernet0/1
match protocol rtp video
! NBAR class: network management and directory/authentication protocols.
! Referenced by the policy-map (bandwidth remaining 5%, DSCP CS2).
class-map match-any SDMManage-FastEthernet0/1
match protocol dhcp
match protocol dns
match protocol imap
match protocol kerberos
match protocol ldap
match protocol secure-imap
match protocol secure-ldap
match protocol snmp
match protocol socks
match protocol syslog
! NBAR class: routing and signaling protocols for the network control plane.
! Referenced by the policy-map (bandwidth remaining 5%, DSCP CS6).
class-map match-any SDMRout-FastEthernet0/1
match protocol bgp
match protocol egp
match protocol eigrp
match protocol ospf
match protocol rip
match protocol rsvp
! NBAR class: call signaling (H.323) and RTCP. Referenced by the policy-map
! (bandwidth remaining 28%, DSCP CS3).
class-map match-any SDMSignal-FastEthernet0/1
match protocol h323
match protocol rtcp
! NBAR class: bulk / store-and-forward protocols (mail, file transfer, news, printing).
! Not referenced by the policy-map, so this traffic falls into class-default.
class-map match-any SDMBulk-FastEthernet0/1
match protocol exchange
match protocol ftp
match protocol irc
match protocol nntp
match protocol pop3
match protocol printer
match protocol secure-ftp
match protocol secure-irc
match protocol secure-nntp
match protocol secure-pop3
match protocol smtp
match protocol tftp
!
!
! Egress QoS policy, applied with "service-policy output" on interfaces Vlan7 and Vlan8.
! Voice gets a low-latency (priority) queue; the other classes divide the remaining
! bandwidth (5 + 5 + 48 + 28 = 86%). Traffic matching none of these classes -- including the
! Bulk/Video/Scavenger class-maps, which are defined but not referenced -- is class-default.
policy-map SDM-Pol-FastEthernet0/1
class SDMManage-FastEthernet0/1
! Management protocols: small guaranteed share, marked CS2.
bandwidth remaining percent 5
set dscp cs2
class SDMVoice-FastEthernet0/1
! Voice bearer: strict-priority queue capped at 68% of the interface bandwidth, marked EF.
priority percent 68
set dscp ef
class SDMRout-FastEthernet0/1
! Routing protocols: small guaranteed share, marked CS6 (network control).
bandwidth remaining percent 5
set dscp cs6
class SDMTrans-FastEthernet0/1
! Interactive / transactional traffic: largest share of the remainder, marked AF21.
bandwidth remaining percent 48
set dscp af21
class SDMSignal-FastEthernet0/1
! Call signaling: marked CS3.
bandwidth remaining percent 28
set dscp cs3
!
!
! Null0 is the black-hole interface; suppressing ICMP unreachables keeps traffic routed to it
! from generating reply packets.
interface Null0
no ip unreachables
!
! Loopback0 carries no address and is unused in this excerpt.
interface Loopback0
no ip address
!
! Physical LAN port; the routed networks live on the 802.1Q subinterfaces below.
! This is the inside (trusted) side for both NAT and the CBAC firewall.
interface FastEthernet0/0
no ip address
! Standard routed-interface hardening: no ICMP redirects/unreachables, no proxy-ARP.
no ip redirects
no ip unreachables
no ip proxy-arp
! Inspect traffic entering from the LAN so its return traffic is allowed back through the
! inbound ACLs on the outside interfaces.
ip inspect firewall in
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
! Do not advertise this router to LAN hosts via CDP or MOP.
no cdp enable
no mop enabled
!
! VLAN 2, 192.168.132.0/24 -- the "Recruiters" network (per the access-list 107 remarks).
interface FastEthernet0/0.1
encapsulation dot1Q 2
ip address 192.168.132.1 255.255.255.0
! Inbound filter 107 restricts where hosts on this VLAN may go.
ip access-group 107 in
no ip redirects
no ip unreachables
no ip proxy-arp
! NBAR protocol discovery only collects per-protocol statistics here; it is not needed for
! the "match protocol" class-maps and adds CPU load -- keep only if the statistics are used.
ip nbar protocol-discovery
ip inspect firewall in
ip nat inside
ip virtual-reassembly
no cdp enable
!
! VLAN 3, 10.0.0.0/24 -- the "Lawyers" network (per the access-list 103 remarks), isolated
! from the other internal networks by that ACL.
interface FastEthernet0/0.2
encapsulation dot1Q 3
! NOTE(review): "ip dhcp client lease" only applies when the interface address is obtained
! via DHCP ("ip address dhcp"); with the static address below it appears to be unused.
ip dhcp client lease 10 0 0
ip address 10.0.0.1 255.255.255.0
! Inbound filter 103: DHCP to the router, no access to the internal LANs or DMZ, Internet otherwise.
ip access-group 103 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect firewall in
ip nat inside
ip virtual-reassembly
no ip route-cache same-interface
no cdp enable
!
! VLAN 4, 192.168.133.0/24 -- the "Development" network (per the access-list 108 remark).
interface FastEthernet0/0.4
encapsulation dot1Q 4
ip address 192.168.133.1 255.255.255.0
! Inbound filter 108 currently permits everything (see the ACL), so this VLAN is unrestricted.
ip access-group 108 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect firewall in
ip nat inside
ip virtual-reassembly
no ip route-cache same-interface
no cdp enable
!
! Switch port placed in VLAN 7 -- the first outside/uplink VLAN (see interface Vlan7).
! Speed and duplex are hard-set to 10/half; confirm this matches the attached provider device.
interface FastEthernet0/1/0
switchport access vlan 7
no ip address
duplex half
speed 10
no cdp enable
!
! Switch port placed in VLAN 8 -- the second outside/uplink VLAN (see interface Vlan8).
! Speed and duplex are hard-set to 10/half; confirm this matches the attached provider device.
interface FastEthernet0/1/1
switchport access vlan 8
no ip address
duplex half
speed 10
no cdp enable
!
! Unused switch port, administratively shut down (good practice for unused ports).
interface FastEthernet0/1/2
no ip address
shutdown
no cdp enable
!
! 802.1Q trunk whose native (untagged) VLAN is 7, i.e. the Internet-facing VLAN: any untagged
! frame arriving on this port lands on the outside network. The usual hardening is a dedicated,
! otherwise-unused VLAN as the trunk native VLAN -- confirm what the far-end device expects.
interface FastEthernet0/1/3
switchport trunk native vlan 7
switchport mode trunk
no ip address
no cdp enable
!
! Default VLAN 1 SVI, unaddressed and unused; commonly also shut down as hardening.
interface Vlan1
no ip address
!
! Outside interface #1: the VPN-termination uplink. Its address is sanitized (X.X.X.X) and
! appears as "vlan7" in access-list 102 and the static routes.
interface Vlan7
bandwidth 2048
ip address X.X.X.X X.X.X.X
! Inbound filter 102: only IPsec (ESP/AH/ISAKMP/NAT-T) to this address, NTP from one server, and ICMP.
ip access-group 102 in
! Strict uRPF: a packet is dropped unless the route back to its source points out this interface.
! Because the default route is via vlan8, Internet sources not covered by the specific routes
! via vlan7 appear to fail this check here -- directly relevant to accepting roaming VPN
! clients "from anywhere" on this interface; see the routing section.
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip nat outside
! NOTE(review): RIP v2 updates would be sent out this Internet-facing interface if "router rip"
! is enabled (not in this excerpt); routing protocols are normally kept off outside interfaces.
ip rip send version 2
ip virtual-reassembly
service-policy output SDM-Pol-FastEthernet0/1
ip route-cache flow
no mop enabled
! Crypto map "VPN" is referenced here and on Vlan8; its definition is not in this excerpt.
crypto map VPN
!
! Outside interface #2: default-route uplink and NAT exit ("ip nat inside source ... interface Vlan8").
! Its address is sanitized (X.X.X.X) and appears as "vlan8" in access-list 114.
interface Vlan8
bandwidth 2048
ip address X.X.X.X X.X.X.X
! Inbound filter 114: IPsec, ICMP, NTP from one server, HTTP to this address, and one fully trusted host.
ip access-group 114 in
! Strict uRPF: with the default route pointing here, this mainly drops packets arriving with
! a source from the internal/VPN prefixes that are routed via other interfaces.
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip nat outside
ip virtual-reassembly
service-policy output SDM-Pol-FastEthernet0/1
ip route-cache flow
no mop enabled
! Crypto map "VPN" is shared with Vlan7; its definition is not in this excerpt.
crypto map VPN
!
! Address pool handed to roaming VPN clients; matches the 192.168.135.0/24 range used in access-list 104.
ip local pool VPN_Pool 192.168.135.100 192.168.135.250
ip classless
! Default route via the Vlan8 uplink; Vlan7 only carries the specific routes below.
! Static routes that name an Ethernet/VLAN interface without a next-hop address rely on the
! upstream device answering proxy-ARP for every destination -- a next-hop IP is the usual form.
ip route 0.0.0.0 0.0.0.0 vlan8
! "vpnendpoint", "2vlan7" and "vlan7 network" appear to be sanitized placeholders from the post
! rather than valid route syntax; the real prefix/mask and "vlan7" belong here.
ip route vpnendpoint vlan7
ip route 172.16.0.0 255.255.240.0 vlan7
ip route 192.168.0.0 255.255.128.0 2vlan7
ip route vlan7 network vlan7
! NOTE(review): simply adding a second default route via vlan7 (the stated goal) gives two
! equal-cost defaults. Both uplinks run strict uRPF ("ip verify unicast reverse-path"), so a
! packet arriving on one uplink whose reverse route is resolved via the other is dropped, and
! return traffic for the VPN may leave via vlan8 instead of vlan7. Policy routing for traffic
! sourced from the Vlan7 address (or loose-mode uRPF on that side) is the usual way to keep
! the VPN path symmetric -- confirm against the intended design.
! NAT: dynamic overload out Vlan8 for traffic selected by route-map nonat (ACL 100 excludes the
! VPN-protected destinations), plus two static translations selected by route-map StaticNat.
! "VLAN8" in the static entries looks like a sanitized global address; both entries show the
! same value -- confirm they map to distinct addresses (or use port-level static NAT).
ip nat inside source route-map nonat interface Vlan8 overload
ip nat inside source static 192.168.132.19 VLAN8 route-map StaticNat
ip nat inside source static 192.168.132.6 VLAN8 route-map StaticNat
!
!
! SDM-generated standard ACL listing four hosts; what it is bound to is not in this excerpt.
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 192.168.5.10
access-list 1 permit 192.168.132.9
access-list 1 permit 192.168.132.27
access-list 1 permit 192.168.133.20
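! NAT selector, referenced by route-map nonat. Traffic from the LANs toward the VPN-protected
! 172.16/16 and 192.168/16 ranges is denied here so it is NOT translated and reaches the
! crypto map with its original addresses; everything else from the three LAN ranges is NATed.
! Each ACE is a single line (the original post had several wrapped across two lines).
access-list 100 remark Nat rule for inside nat rules.
access-list 100 deny ip 192.168.128.0 0.0.127.255 172.16.0.0 0.0.255.255
access-list 100 deny ip 192.168.128.0 0.0.127.255 192.168.0.0 0.0.255.255
access-list 100 deny ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 100 deny ip 172.16.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 100 permit ip 192.168.128.0 0.0.127.255 any
! NOTE(review): wildcard 0.0.248.255 is non-contiguous (it matches third octets 0, 8, 16, ..., 248);
! if a single block was meant, 0.0.255.255 or 0.0.15.255 is the usual form -- confirm.
access-list 100 permit ip 172.16.0.0 0.0.248.255 any
access-list 100 permit ip 10.0.0.0 0.0.0.255 any
access-list 100 deny ip any any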
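! VPN traffic selector: LAN ranges <-> remote 172.16.0.0/20 and 192.168.0.0/17. The crypto
! configuration that references it is not in this excerpt. The trailing deny is redundant
! (an ACL ends with an implicit deny) but harmless.
! Each ACE is a single line (the original post had several wrapped across two lines).
access-list 101 remark ACL for allow flow traffic trought the vpn
access-list 101 permit ip 192.168.128.0 0.0.127.255 172.16.0.0 0.0.15.255
access-list 101 permit ip 192.168.128.0 0.0.127.255 192.168.0.0 0.0.127.255
! NOTE(review): wildcard 0.0.248.255 is non-contiguous (third octets 0, 8, 16, ..., 248);
! confirm it is intended rather than 0.0.255.255 or 0.0.15.255.
access-list 101 permit ip 172.16.0.0 0.0.248.255 172.16.0.0 0.0.15.255
access-list 101 permit ip 172.16.0.0 0.0.248.255 192.168.0.0 0.0.127.255
access-list 101 deny ip any any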
! Inbound filter on interface Vlan7 (outside). "vlan7" stands for the sanitized interface
! address. Only IPsec to this router (ESP, AH, ISAKMP UDP/500, NAT-T UDP/4500), NTP replies
! from one server and ICMP are admitted; everything else is dropped unless CBAC opened it.
access-list 102 permit esp any host vlan7
! NOTE(review): "icmp any any" admits every ICMP type to every destination; typical hardening
! limits this to echo-reply, unreachable, time-exceeded and packet-too-big toward the router.
access-list 102 permit icmp any any
access-list 102 permit udp host 216.244.192.3 eq ntp host vlan7
access-list 102 permit udp any host vlan7 eq isakmp
access-list 102 permit udp any host vlan7 eq non500-isakmp
access-list 102 permit ahp any host vlan7
access-list 102 deny ip any any
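! Inbound filter on FastEthernet0/0.2 (VLAN 3, 10.0.0.0/24, "Lawyers"): guest-style isolation.
! DHCP requests are allowed, the internal 192.168/16 LANs and the 172.16/16 DMZ are blocked,
! and only the VLAN's own range gets through to anything else. Each remark sits next to the
! entry it describes; the duplicated trailing remarks of the original were dropped (remarks
! have no effect on filtering).
access-list 103 remark ACL for the Lawyers VLAN
access-list 103 remark Permit the DHCP traffic from
access-list 103 remark the vlan to the router.
! Matches DHCP client requests (destination port 67); note it is not limited to this router's address.
access-list 103 permit udp any any eq bootps
access-list 103 remark Deny access to our Lans
access-list 103 deny ip any 192.168.0.0 0.0.255.255
access-list 103 remark Deny access to the DMZ
access-list 103 deny ip any 172.16.0.0 0.0.255.255
access-list 103 remark Permit access to anything else
access-list 103 permit ip 10.0.0.0 0.0.0.255 any
access-list 103 deny ip any any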
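! Roaming-VPN traffic selector: the internal ranges <-> the VPN_Pool range 192.168.135.0/24.
! No explicit deny; the implicit deny applies. The crypto configuration that references it
! is not in this excerpt.
! Each ACE is a single line (the original post had two wrapped across two lines).
access-list 104 remark ACL for allow flow traffic trought the roaming vpn
access-list 104 permit ip 172.16.0.0 0.0.63.255 192.168.135.0 0.0.0.255
access-list 104 permit ip 192.168.128.0 0.0.127.255 192.168.135.0 0.0.0.255
access-list 104 permit ip 192.168.0.0 0.0.127.255 192.168.135.0 0.0.0.255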
! Management source list (three internal ranges). It is not applied to any interface in this
! excerpt; presumably bound to the vty lines as an access-class -- confirm.
access-list 105 remark Allow management from this ips
access-list 105 permit ip 192.168.22.0 0.0.0.255 any
access-list 105 permit ip 192.168.133.0 0.0.0.255 any
access-list 105 permit ip 192.168.132.0 0.0.0.31 any
access-list 105 deny ip any any
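! Inbound filter on FastEthernet0/0.1 (VLAN 2, 192.168.132.0/24, "Recruiters"): hosts in
! 192.168.132.0/26 (.0-.63) may go anywhere; the rest of the VLAN only reaches the
! 172.16.0.0/20 DMZ and the 192.168/16 LANs.
! Each ACE is a single line (the original post had one wrapped across two lines).
access-list 107 remark Recruiters VLAN ACLs
access-list 107 remark Allow any kind of traffic to all the computers between th
access-list 107 permit ip 192.168.132.0 0.0.0.63 any
access-list 107 remark Traffic to NY DMZ
access-list 107 permit ip 192.168.132.0 0.0.0.255 172.16.0.0 0.0.15.255
access-list 107 permit ip 192.168.132.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 107 deny ip any any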
! Inbound filter on FastEthernet0/0.4 (VLAN 4, "Development"). "permit ip any any" matches
! everything, so the deny below can never match and this VLAN is unrestricted -- including
! toward the other internal VLANs (contrast access-lists 103 and 107).
access-list 108 remark Development VLAN ACLs
access-list 108 permit ip any any
access-list 108 deny ip any any
! "DMZ VLAN" filter: permits everything (the deny is unreachable). It is not applied to any
! interface in this excerpt.
access-list 109 remark DMZ VLAN ACLs
access-list 109 permit ip any any
access-list 109 deny ip any any
! Static NAT selector, referenced by route-map StaticNat: the two statically translated hosts
! (192.168.132.6 and .19) are excluded from translation when talking to the VPN-protected
! 172.16/16 and 192.168/16 ranges and translated for everything else.
access-list 111 remark Static NAT ACL
access-list 111 deny ip host 192.168.132.6 172.16.0.0 0.0.255.255
access-list 111 deny ip host 192.168.132.6 192.168.0.0 0.0.255.255
access-list 111 deny ip host 192.168.132.19 172.16.0.0 0.0.255.255
access-list 111 deny ip host 192.168.132.19 192.168.0.0 0.0.255.255
access-list 111 permit ip host 192.168.132.19 any
access-list 111 permit ip host 192.168.132.6 any
! Inbound filter on interface Vlan8 (outside, default-route uplink). "vlan8" stands for the
! sanitized interface address. Admits IPsec to the router, ICMP, NTP replies from one server,
! HTTP to the Vlan8 address (which, via the static NAT entries, forwards to the inside hosts
! 192.168.132.19/.6 -- the only service exposed to the general Internet), and unrestricted IP
! from one external host.
access-list 114 remark ACL for the external Telecom dwarf int
access-list 114 permit esp any host vlan8
! NOTE(review): "icmp any any" admits every ICMP type; typical hardening limits this to
! echo-reply, unreachable, time-exceeded and packet-too-big.
access-list 114 permit icmp any any
access-list 114 permit udp host 216.244.192.3 eq ntp host vlan8
access-list 114 permit udp any host vlan8 eq isakmp
access-list 114 permit udp any host vlan8 eq non500-isakmp
access-list 114 permit ahp any host vlan8
access-list 114 permit tcp any host vlan8 eq www
! NOTE(review): 62.141.42.77 gets full IP access to the Vlan8 address, i.e. to the router and
! to the static-NAT hosts behind it; record why this host is trusted and narrow to the ports it needs.
access-list 114 permit ip host 62.141.42.77 host vlan8
access-list 114 deny ip any any
! CDP disabled globally; the per-interface "no cdp enable" lines above are then redundant but harmless.
no cdp run
! Selects traffic for the two "ip nat inside source static ... route-map StaticNat" entries
! using access-list 111 (static-NAT hosts, excluding VPN-protected destinations).
route-map StaticNat permit 10
match ip address 111
!
! Selects traffic for the dynamic overload NAT on Vlan8 using access-list 100, whose deny
! entries keep VPN-bound traffic untranslated.
route-map nonat permit 10
match ip address 100
!
!