!---Access list for identify site-to-site traffic to encrypt
access-list ACL_CM_SiteAtoSiteB extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list ACL_CM_SiteAtoSiteB extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
!---Access list for VPN traffic to bypass NAT
access-list ACL_NONAT extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 
!---Prevents VPN traffic from undergoing NAT
nat (inside) 0 access-list ACL_NONAT
 
!---Phase 2 Configuration of IPSec 
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
!---IPsec configuration for static LAN-to-LAN tunnel
crypto map CM_outside 5 match address ACL_CM_SiteAtoSiteB 
crypto map CM_outside 5 set pfs group1
crypto map CM_outside 5 set peer 2.2.2.2
crypto map CM_outside 5 set transform-set ESP-AES-128-SHA
crypto map CM_outside 5 set security-association lifetime seconds 28800
!---apply crypto map to outside interface
crypto map CM_outside interface outside
 
!---Enable Phase 1 isakmp to public interface
crypto isakmp enable outside
!---Phase 1 Configuration
crypto isakmp policy 1
authentication pre-share
encryption aes
hash sha
group 1
lifetime 28800
exit
 
!---NAT-T configuration
crypto isakmp nat-traversal 50
!---Allow IPsec tunnel traffic to bypass ACLs
sysopt connection permit-vpn
 
!---Define tunnel group
tunnel-group 2.2.2.2 type ipsec-l2l
tunnel-group 2.2.2.2 ipsec-attributes
pre-shared-key Pre-shared key
exit