R1(config)# ip access-list extended incoming_traffic_g0/0
R1(config-ext-nacl)# 10 permit udp host 2.2.2.10 host 1.1.1.10 eq 500 log
R1(config-ext-nacl)# 20 permit esp host 2.2.2.10 host 1.1.1.10 log
R1(config-ext-nacl)# 30 permit icmp any host 1.1.1.10 echo-reply log
R1(config-ext-nacl)#40  permit tcp any host 1.1.1.10 established log
R1(config-ext-nacl)# 1000 deny ip any any log